The breach of Home Depot’s payment systems may have compromised 56 million payment cards as a result of malware that has since been eliminated, the company said Thursday.
Attackers used unique, custom-built malware to evade detection, the company said in an update on its investigation. The malware was present between April and September of this year, the firm said in a statement. Terminals identified with malware have been taken out of service.
The retailer confirmed in September that its payment systems had been breached at stores in the U.S. and Canada, though it did not provide many more details.
Home Depot is using new encryption technology, provided by the vendor Voltage Security, to take raw payment card information and scramble it, the company said Thursday. The technology was rolled out to all U.S. stores this past Saturday, with a Canadian rollout expected to be completed early next year, Home Depot said.
There is no evidence, the firm re-iterated Thursday, that PIN numbers were compromised in the breach, or that it affected stores in Mexico or sites online.
“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Home Depot Chairman and CEO Frank Blake in a statement.
Home Depot is one of a number of large retailers to be recently targeted by hackers. In one high-profile case, data from about 40 million credit and debit cards was stolen in a breach of Target store systems last year.