Image Credit: istockphoto.com
September 09, 2014 - 8:29 AM
TORONTO - Home Depot has confirmed that security at its payment system was breached and that customers who made credit card purchases at its Canadian and U.S. stores could be affected.
The Atlanta-based retailer (NYSE:HD) said Monday that there was no evidence that the breach affected customers who shopped online at HomeDepot.com or at its stores in Mexico, or that debit card PINs (personal identification numbers) were compromised.
It wasn't immediately clear whether the breach affected credit cards with chips and PINs, which are common in Canada but not yet rolled out universally in the United States.
News reports of the breach at North America's largest chain of home improvement stores emerged last week but the company disclosed little at the time, beyond saying on Sept. 2 that it was investigating.
The company is offering identity protection services and credit monitoring to any customer who used a payment card at a Home Depot store since the beginning of April.
"We apologize for the frustration and anxiety this causes our customers," the company said on its Canadian website, homedepot.ca.
"We also want to emphasize that you will not be responsible for any fraudulent charges to your accounts, and we’re offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on."
"It is important to closely monitor your payment card accounts and report unusual activity to your issuing bank," Home Depot's message to customers says.
A spokeswoman said in an email that Home Depot does have EMV, the standard chip protection in Canada, but that only the details in the news release were being disclosed Monday.
"Most importantly, we want customers to know our commitment to them and what the next steps are they should take. We continue to work around the clock with leading IT security firms, our banking partners and the (U.S.) Secret Service to rapidly gather facts and provide information to customers," said spokeswoman Paula Drake.
More detail is being posted on https://homedepot.allclearid.com/ and through a toll-free number at 1-800-466-3337.
Home Depot has a total of 2,264 stores in North America, including a total of 287 in Canada and Mexico.
A statement issued from its head office on Monday afternoon said that it will roll out chip-and-pin point of sale capabilities to all its U.S. stores by the end of 2014, ahead of an October 2015 deadline established by the U.S. payments industry.
Hackers have broken security walls for many retailers in recent months, including Target — which also has stores in Canada and the United States.
Security experts have said that chip-and-pin credit cards are less vulnerable to certain types of breach, particularly in stores, but hackers may used other techniques such as grabbing information off online transactions where the card number and password is entered by the consumer.
Cross-border shoppers from Canada who visit U.S. retail stores may also make purchases using the magnetic strips that are still included on credit and debit cards with embedded chips.
News from © The Canadian Press, 2014