NEW YORK — Home Depot, the largest home-improvement chain, confirmed that hackers attacked its computer systems at stores in the U.S. and Canada in what could be one of the retail industry’s biggest breaches.
Customer data could have been stolen from nearly all of Home Depot’s 2,200 stores in the United States, according to information released on last week by security blog KrebsonSecurity.
That breach hit 11 Maine zip codes where the retailer has stores, including Bangor, South Portland, Portland, Augusta and Waterville, according to an analysis by The Portland Press Herald. Nationwide, the blog’s analysis of the credit card information for sale found it affects customers in 1,822 zip codes.
While payment systems were infiltrated, there is no evidence that debit-card PINs have been compromised, the company said in a statement on Monday. Home Depot, which didn’t disclose how many customers may have been affected, said the continuing investigation is focused on purchases made since April. The New York Times reported on Monday that the breach could involve more than 60 million credit-card numbers, citing a person familiar with the investigation.
Home Depot is the latest U.S. retailer to suffer a data breach from hackers, following attacks at Target, Supervalu and Neiman Marcus. As the list of victims increases, the retail industry is under escalating pressure to improve the security of computer systems and credit cards.
“I don’t know why the retailers aren’t waking up and doing something,” Tomer Weingarten, chief executive officer of online security firm SentinelOne in Mountain View, Calif., said in a phone interview. “It seems like Target should have been a very big wake-up call.”
The U.S. Secret Service is also looking into the possibility that the hackers who breached Target are behind the Home Depot attack, according to a government official who wasn’t authorized to speak publicly.
Home Depot shares fell 1.2 percent to $89.71 at 11:34 a.m. Tuesday in New York. The stock had gained 10 percent for the year through Monday.
The retailer said last week that it only learned of a possible breach after independent journalist Brian Krebs reported on Sept. 2 that hackers may have stolen customer data and made counterfeit credit- and debit-cards. It’s been investigating the matter since.
Home Depot said Monday that there’s no evidence that the breach affected online shoppers or stores in Mexico. The chain said it is giving identity protection and credit monitoring to anyone who used a payment card in a Home Depot store since April. Target made a similar offer after its breach.
Atlanta-based Home Depot had been on a roll with the rebounding housing market helping lift sales. The stock rose to an all-time high on Aug. 29, the last trading day before the retailer acknowledged a breach may have occurred.
Now Home Depot is working to restore confidence with its customers while also transitioning to a new chief executive officer. Craig Menear, the chain’s president of U.S. retail, will succeed CEO Frank Blake on Nov. 1. Blake, who took over in 2007, will remain chairman of the board.
While the financial impact on Home Depot remains to be seen, Target has already booked charges. As of Aug. 2, the discounter recorded $146 million in expenses related to the breach in which data for 40 million accounts were stolen. Part of the expenses include an estimate on claims yet to be made by the credit card companies.
More than 100 lawsuits have been filed against Target relating to the breach. The chain also blamed the attack, which became public in December, for a sales decline in the fourth quarter. In response, it’s spending $100 million to improve its security, including equipping company-issued credit cards with “chip and pin” technology, which is considered harder to hack.
The sales impact on Home Depot may be muted because this breach was disclosed in September when Home Depot’s key selling season during the first half of the year was already behind it, according to Bloomberg Intelligence. Disclosure of the Target breach happened during the heart of the holiday shopping season.