Home Depot today admitted 56 million bank cards are at risk after they were used in malware-infected tills.
The DIY giant on Thursday revealed that a software nasty infiltrated its PC-powered registers between April and September in the US and Canada. Cards swiped through the compromised machines could be accessed by the malware and siphoned off to crooks, and their account details are now feared to be in the hands of identity thieves, thieves and other miscreants.
"We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges," Home Depot CEO Frank Blake said in a statement [PDF].
"From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so."
Earlier in the day, investigative reporter Brian Krebs cited sources, close to Home Depot's internal probe into the security cock-up, who said MasterCard believes the infection may be limited to self-checkout tills.
Home Depot said that no PINs were obtained, and there is no evidence of fraud on the compromised accounts. The company is offering free identity protection services for those affected.
The chain has yet to comment on the details of the latest Krebs report, but has at least acknowledged that 56 million customers were exposed to fraudsters. Storefronts in Mexico and online sales were not affected.
The reports put Home Depot alongside Target in the ranks of firms that have been compromised by point-of-sale malware. Last year's Target breach similarly featured a malware infection in its tills, which was used to skim the data on 40 million bank cards.
That breach resulted in hefty fees for Target and the ousting of the company's chief executive. ®