Payment information for about 56 million credit cards may have been put at risk in a security breach at Home Depot that took place between April and September of this year, the company said on Thursday. It previously confirmed the existence of a security breach on Sept. 8, but the scale and severity were still under investigation. "Criminals used unique, custom-built malware to evade detection," the company said in a statement summarizing its probe into the breach; "The malware had not been seen previously in other attacks, according to Home Depot's security partners." The company said that it has eliminated the malware from its systems in the United States and Canada, and also wrapped up a "major payment security project" affecting all of its U.S. stores: "To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements." Security expert Brian Krebs reported that Mastercard believed the breach only affected self-checkout stations, which would limit the scale somewhat. The strategy of compromising payment terminals and surreptitiously collecting credit card data was also used in the recent Target breach, which exposed some 40 million cards and 70 million more items of "personal info."
- Home Depot Confirms Credit Card Data Breach
- Home Depot 'Working Around the Clock' to Verify Data Breach
- Home Depot Probing 'Unusual Activity' After Reports of Data Breach