By Jose Pagliery
NEW YORK (CNNMoney) — Home Depot on Monday confirmed that hackers indeed broke into its payment systems — maybe as far back as April.
Home Depot’s hack might be even bigger than Target’s was last year. In Target’s case, hackers slipped in for three weeks and grabbed 40 million debit and credit cards. Hackers remained in Home Depot’s computers — unnoticed — for about five months.
Hackers stole debit and credit card data from shoppers in the United States and Canada. The question now is how many millions of shoppers are affected.
Home Depot said it’s still investigating the breach, but said there’s still “no evidence” debit card PINs were exposed.
In a statement, Home Depot CEO Frank Blake said: “We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue.”
The company says it first became aware of the breach on Sept. 2, after receiving calls from banks and law enforcement. Home Depot said it’s working with the U.S. Secret Service to determine the scope of the hack.
So far, though, the company thinks only customers who shopped at brick-and-mortar stores in the U.S. and Canada were affected. Online customers — and those who shopped in its Mexico stores — were spared.
The home improvement chain is taking measures that are now typical of retailers victimized by cyberthieves. It’s offering free identity protection and credit monitoring to anyone who shopped there since April, and the store is replacing its card swiping terminals with machines that accept the more secure chip-enabled EMV cards.