Newsroom

Home Depot confirmed its systems were breached and is advising any customer who shopped in one of its stores from April 2014 on to watch their accounts. NAFCU continues its press for a national data security standard for merchants.

The breach "could potentially impact any customer that has used their payment card at our U.S. and Canadian stores, from April forward," the company said in Monday's statement. "We do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com."

The company said it is still evaluating the breach but noted there "is no evidence" that debit PIN numbers were compromised. It said customers will not be held liable for fraudulent charges. (Get full statement.) The breach reportedly may have involved the a "reworked" version of the malware used in last year's Target breach.

Brad Thaler

NAFCU Vice President of Legislative Affairs Brad Thaler said this is one more example showing the need for action now on a national data security and breach notification measure for retailers. "Credit unions will, as they always have, do what is needed to protect members' accounts and identities, but we need retailers to hold up their end," said Thaler. "We think passing a national data security and breach notification requirement for retailers is a good place to start."

NAFCU was the first financial trade organization to call for national data security standards for retailers following the Target breach in December. The association is also a member of the Payments Security Task Force, a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time.