Home Depot confirms breach in US, Canada stores

NEW YORK (AP) — Home Depot confirmed on Monday that its payment systems have been hacked in a data breach
that could affect millions of shoppers who used credit and debit cards at its more than 2,000 U.S. and
Canadian stores.

The breach could turn out to be one of the biggest in history. Home Depot did not say how many cards
might be affected, but the largest U.S. home improvement chain did say its investigation into the breach
goes as far back as April.

The news comes nearly a week after a website that focuses on cybersecurity reported on Tuesday a possible
hack of Home Depot’s data. The company said later that day that it was investigating the potential

"We apologize for the frustration and anxiety this causes our customers, and I want to thank them
for their patience and support as we work through this issue," Chairman and CEO Frank Blake said in
a press release.

Home Depot is the latest retailer to have a data breach. Others include Target, luxury retailer Neiman
Marcus, grocer Supervalu, restaurant chain P.F. Chang’s and the thrift store operations of Goodwill.

In December, Target Corp. disclosed a massive data breach that was the second-largest in history,
resulting in the theft of 40 million debit and credit card numbers and the potential exposure of
personal information of up to 70 million shoppers.

Forrester Research analyst John Kindervag said the Home Depot breach could affect similar numbers of
shoppers or cards, noting that months’ worth of data may have been compromised.

"From what I’m hearing, people think this will be as big as Target or bigger," he said in a
telephone interview with The Associated Press.

The retail breaches have rattled shoppers’ confidence at a time when privacy concerns are high. It’s also
increased pressure on retailers to increase security so that customers can feel safe that their personal
data is secure when they’re out shopping.

Retailers, banks and card companies have responded to the breaches by speeding the adoption of microchips
in U.S. credit and debit cards. That technology helps makes transactions more secure.

Home Depot, which said malware was used in the hack, has announced that it plans to have chip-enabled
checkout terminals at all of its U.S. stores by the end of this year.

In the meantime, the Atlanta company said its IT department also is looking into the breach and is
working with outside firms, its banking partners, and the U.S. Secret Service. It added that customers
will not be held responsible for fraudulent charges to their accounts.

The possible breach at Home Depot was first reported by Brian Krebs of Krebs on Security. Krebs said
multiple banks reported "evidence that Home Depot stores may be the source of a massive new batch
of stolen credit and debit cards."

If Target’s breach is any indication, the fallout from the Home Depot breach could be severe.

The Target hack cost the company hurt the company’s profit and revenue. Target’s chief information
officer and CEO both stepped down in the months after the hack.

"I would think if you’re a member of the board of directors, somebody has to be the sacrificial lamb
for this," Kindervag, the Forrester analyst, said about Home Depot’s breach.

Home Depot already has had some fallout. Its shares are down about 3 percent since Tuesday, and they fell
42 cents to $90.40 in Monday aftermarket trading.

Before the potential breach was announced, Home Depot said in August that Blake would step down as CEO on
Nov. 1. He will be replaced by Craig Menear, president of the company’s U.S. retail operations.

Copyright 2014 The Associated Press. All rights reserved.
This material may not be published, broadcast, rewritten or redistributed.