Newsroom

September 19, 2014

Home Depot: 56 million cardholders affected

In what is now the largest retailer data breach known, Home Depot last week announced that 56 million cardholder accounts were compromised between April and September at its stores throughout the U.S. and Canada.

Home Depot, in a statement, said hackers used a "unique, custom-built malware to evade detection" and that this particular malware had not been seen in any other previous attacks. Home Depot said all malware used in the breach has been eliminated from its U.S. and Canadian stores.

The company said it also recently completed a major payment security project to enhance encryption of payment data at point-of-sale in the company's U.S.-based stores; Canadian stores will have received the updated security by early 2015.

The Wall Street Journal reported last week that credit unions and other institutions were already reissuing new cards to consumers before Home Depot made known how many cardholder accounts were affected.

NAFCU continues to press for legislative action to set national data security and breach notification standards for retailers. The association is also a member of the Payments Security Task Force, a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time.

Senate Commerce Committee Chairman John Rockefeller, D-W.Va., and Subcommittee Chairman Claire McCaskill, D-Mo., in action lauded by NAFCU, wrote Home Depot earlier this month seeking a briefing on the breach. In a separate action, Senate Commerce Committee members Edward Markey, D-Mass., and Richard Blumenthal, D-Conn., have requested a Federal Trade Commission investigation.