NEW YORK -- Home Depot says it's offering free identity protection services, including credit monitoring, to those customers who might be potentially hurt by a possible data breach at the home improvement chain.
The company also said Wednesday that it's working with leading security firms Symantec and FishNet Security to help it investigate a possible data hacking.
The moves come as Home Depot is trying to reassure customers that it's doing all it can the day after it learned of "suspicious" activity that pointed to a breach. It said Tuesday that it was working with both banks and law enforcement.
The possible data breach at Home Depot was first reported by Brian Krebs of Krebs on Security, a website that focuses on cybersecurity. Krebs said multiple banks reported "evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards" that went on sale on the black market earlier Tuesday.
"Our forensics and security teams have been working around the clock since we first became aware of a potential breach Tuesday morning," said Paula Drake, a Home Depot spokeswoman in a statement." There is no higher priority at this time than to rapidly gather the facts so that we can provide answers to our customers. We know these types of incidents can cause frustration and concern and we apologize for that."
Home Depot emphasized that in the event of a breach, customers will not be responsible for any possible fraudulent charges. It said that the financial institution that issued the card or Home Depot are responsible for the charges. It also encouraged customers to closely monitor their accounts and reach out to their card issuers if they notice any unusual activity.
Hackers have broken security walls for many retailers in recent months, including Target, grocery store chain Supervalu, P.F. Chang's and the thrift store operations of Goodwill. The rash of breaches has rattled shoppers' confidence in the security of their personal data and pushed retailers, banks and card companies to increase security by speeding the adoption of microchips into U.S. credit and debit cards.
Krebs reported that it's not clear how many stores were affected but preliminary analysis indicates the breach may have affected all 2,200 Home Depot stores in the U.S. Several banks that were contacted by Krebs said they believe the breach may have started in late April or early May.
"If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period," said the Krebs post.
Krebs said that the party responsible for the breach may be the same group of Russian and Ukrainian hackers suspected in the Target breach late last year. Krebs also broke the news of Target's breach.
Target Corp., based in Minneapolis, is still trying to get beyond its massive breach that occurred late last year and hurt sales, profits and its reputation with customers. It has been overhauling its security department and systems and is accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores.