Home Depot: Information on 56 Million Payment Cards Stolen by Malware

Atlanta-based The Home Depot announced Thursday that a months-long data breach stole information from 56 million payment cards.

According to The Associated Press, the cyber attacks began in April and were only ended earlier this month. The Home Depot has removed the malware from its payment terminals and has completed a security initiative that further encrypts customers’ payment information.

On Sept. 2, online security blog Krebs on Security announced batches of customers’ credit card information were released on an underground website that specializes in the buying and selling of personal information.

The day after Krebs broke the story of the data breach, The Home Depot reassured customers that if a breach had in fact occurred, The Home Depot would offer identity protection services, including credit monitoring, to customers who were affected. Additionally, The Home Depot or customers’ financial institutions will handle fraudulent charges racked up by unauthorized users.

On Sept. 8, the same day The Home Depot confirmed the breach, Krebs reported that a source familiar to the investigation had revealed that the software the hackers used to obtain the credit card information from Home Depot customers was the same software that was used to steal the credit card information of some 40 million Target customers in November and December, 2013. Krebs added that suspicious bank transactions resulting from the breach at Home Depot began appearing in May.

Home Depot customers have entered into a class-action lawsuit against the company that was filed late on Sept. 4, The Atlanta Journal-Constitution reports. The suit alleges that the company did not do enough to protect customers’ information before the breach, then did not respond quickly enough when the breach occurred. The suit seeks damages.