The Home Depot Inc. announced today that the data breach the retailer disclosed recently put payment card information for 56 million cards at risk. The home improvement chain also said the custom-built malware—which had not been seen in a previous attack—has been removed from its payment networks in the U.S. and Canada.
Home Depot confirmed the breach on Sept. 8 and now says the malware was likely present from April 2014 on. The breach affected cards used to make purchases at stores in the U.S. and Canada but not on HomeDepot.com. The investigation also found that personal identification numbers for payments cards were not compromised.
The company said today it has completed a payment security project that provides enhanced encryption of payment data at the point of sale in the company’s U.S. stores. The new encryption will be rolled out to stores in Canada by early 2015, Home Depot says.
The new encryption system takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers. The technology is provided by Voltage Security Inc. The rollout to U.S. stores began in January 2014.
Home Depot, No. 16 in the Internet Retail Top 500, is not the only large retailer or e-commerce company to suffer a breach. Home Depot joins the ranks of eBay Inc., Target Corp. and Neiman Marcus Group Ltd. as high-profile data breach victims. They’re part of a growing trend, as the number of data breaches jumped 53.6% in 2013 from 2012. 54.0% of those breaches were targeted at e-commerce web sites, according to a recent report by security firm Trustwave.