Yet another major U.S. retailer appears to have been struck by hackers looking to steal customers’ payment information, but it isn’t saying for sure just yet.
In a statement released this week, Home Depot announced it was “looking into some unusual activity that might indicate a possible payment data breach.” It didn’t confirm that one had actually occurred.
“We know that this news may be concerning and we apologize for the worry this can create,” the company’s statement reads. “If we confirm a breach has occurred, we will make sure our customers are notified immediately.”
The statement goes on to say that Home Depot will provide affected customers—if there are any—with free credit monitoring. According to Businessweek, the company has enlisted security firms Symantec and FishNet Security to investigate, with teams “working around the clock,” a spokeswoman said.
Although Home Depot itself has seemingly been hesitant to confirm that a breach has taken place, outside reports look grim. A Thursday-morning report from the site Krebs on Security says data that appeared in a database run by the cybercrime shop Rescator indicates that almost every Home Depot store in the United States could be involved in the breach.
“A comparison of the ZIP code data between the unique ZIPs represented on Rescator’s site and those of the Home Depot stores shows a staggering 99.4 percent overlap,” the Krebs report states.
If Home Depot has indeed suffered a breach, it will be one of a string of retailers and restaurants that has been hit in the past year. P.F. Chang’s, Nieman Marcus, and Sally Beauty are just a few that have been affected.
The victim of the largest breach of the past year, Target, reported a 62 percent drop in profit in the second quarter.