An estimated 56 million credit cards have been exposed in the Home Depot security breach from September 2, according to Home Depot’s investigation update.
Home Depot detected the breach in early September after law enforcement and some of its banking partners reported the problem.
“Criminals used unique, custom-built malware to evade detection,” the company said in a press release. “The malware had not been seen previously in other attacks, according to Home Depotâ€™s security partners.”
The malware that put at risk “approximately 56 million unique payment cards” is “believed to have been present between April and September 2014.”
So far there is no evidence that credit card PIN numbers have been compromised, as the only impacted stores using PIN numbers for payments were for online shopping and stores based in Mexico.
Home Depot adopted new encryption technology for payment information, as the whole rollout in the US was completed by September 13. Canadian stores will also be protected by the new encryption technology from the beginning of 2015.
The retailer also committed to adapt the “Chip and PIN” standard in its US stores by the end of 2015.
The exposure seems to be larger than the breach suffered by Target, which had approximately 40 million credit card details exposed.
â€œWe apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,â€ said Frank Blake, chairman and CEO. â€œFrom the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.â€