Home Depot (HD) said on Thursday that some 56 million payment cards were likely compromised in a cyberattack at it stores, further expanding on industry rumors that were confirmed Sept. 8. Per Reuters:
Home Depot, in providing the first clues to how much the breach would cost, said that so far it has estimated costs of $62 million. But it indicated that costs could reach much higher.
The company said that the hackers’ method of entry has been closed off, the malware eliminated from its network, and that it had rolled out "enhanced encryption of payment data" to all U.S. stores.
When first confirmed, the company said that anyone who used a debit or credit card at its U.S. or Canadian stores since April may have had their data stolen.
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," said Frank Blake, chairman and CEO. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts."
It will take months to determine the full scope of the fraud, which affected Home Depot stores in both the United States and Canada and ran from April to September.
"Those costs may have a material adverse effect on The Home Depot’s financial results in the fourth quarter and/or future periods," the company said in its statement.