Hackers had access to 56 million credit and debit cards when they breached Home Depot’s security system this year, the company said Thursday. The breach was even larger than the attack on Target last year, when 40 million cards were compromised. The company said that thieves had placed malware software on cash registers in Home Depots throughout the U.S. and Canada from April to September. The malware has since been eliminated. The breach will cost the company at least $62 million.
The Home Depot said Thursday that about 56 million customer debit and credit cards were put at risk after hackers broke into the company’s payment systems. In a statement, the home improvement retailer said the malicious software used in the attack had been removed from its computer system in the United States and Canada and that the company had enhanced encryption at point-of-sale terminals at its U.S. stores. The number of cardholders affected in the Home Depot attack marks what is likely the largest breach ever of a retailer’s computer system, surpassing the 40 million cardholders who were affected when Target was hacked last fall. Home Depot’s investigation found the hackers escaped detection by using custom-made malware that had never been seen before. Such malware — which hackers call “zero days” because that’s how long it’s been known — can’t be spotted by traditional anti-virus software. Home Depot said the malware that stole the credit card data resided on its computer systems from April until September of this year — far longer than the attack against Target, which went on for about three weeks.