Shares of the home improvement chain closed 2 percent lower at
$91.15 on the news, which highlights growing scrutiny of data
security in the retail industry following a massive breach at Target
Corp last year.
"At this point, I can confirm that we’re looking into some unusual
activity and we are working with our banking partners and law
enforcement to investigate," Home Depot representative Paula Drake
wrote in an emailed statement to Reuters.
"If we confirm that a breach has occurred, we will make sure
customers are notified immediately."
The statement came after security website KrebsonSecurity first
reported that multiple banks had seen evidence that Home Depot may
be the source of stolen credit and debit cards put up for sale on
underground markets. Brian Krebs, who runs the website, could not be
immediately reached for comment.
Krebs wrote on his website that his preliminary analysis indicated
the problem could affect all of Home Depot's 2,200 stores in the
United States. He said several banks he contacted believed the
breach could extend back to April or May of this year.
"If that is accurate - and if even a majority of Home Depot stores
were compromised - this breach could be many times larger than
Target," Krebs wrote.
In the Target breach, which hit the retailer during the important
year-end holiday shopping season, hackers stole at least 40 million
payment card numbers and 70 million other pieces of customer data.
The incident cost the company hundreds of millions of dollars and
prompted numerous investigations by attorneys general and
congressional hearings and inquiries. In May, the company ousted its
CEO, Gregg Steinhafel, who has now been replaced by former Wal-Mart
Stores Inc executive Brian Cornell.
[to top of second column]
Numerous companies have come under the spotlight for potential
breaches in recent months.
In some situations, companies that conduct investigations into data
breaches may not be able to come to a definitive conclusion. For
instance, Sears Holdings Corp said in February that an investigation
into a possible data breach did not reveal conclusive information.
Retailers have been taking steps to better protect customer data.
Wal-Mart Stores Inc said last week that 4,600 of its group stores
were now using payment terminals capable of reading credit and debit
cards that store information on computer chips. Such cards are more
secure than conventional ones that store data on magnetic stripes.
The bulk of those stores activated the terminals this year,
spokesman Randy Hargrove said. The retailer plans to activate
terminals in its remaining U.S. stores by the end of 2014.
(Reporting by Nandita Bose and Nathan Layne in Chicago; additional
reporting by Alina Selyukh in Washington; editing by Matthew Lewis)
[© 2014 Thomson Reuters. All rights
2014 Reuters. All rights reserved. This material may not be
published, broadcast, rewritten or redistributed.