Home Depot has confirmed it’s investigating whether Canadian customers are at risk in a data breach that may have seen millions of shoppers’ credit and debit card info stolen.
The breach was first reported by Krebs on Security, the same blog that revealed a security breach at retailer Target late last year.
The Target breach, which may have affected up to 40 million customers, did not affect the chain’s Canadian stores, though it may have affected Canadians shopping in U.S. stores.
But the Home Depot security breach could be much bigger because it may have been going on for longer. According to Krebs, banks' transaction data suggests it started as long ago as April or May of 2014. Millions of customers’ data may have been exposed.
Home Depot operates more than 180 stores in Canada, on top of some 2,200 stores in the U.S.
“They’re including [Canada] in assessing the situation to determine which divisions have been affected,” a spokesperson for Home Depot Canada told Global News.
Krebs on Security reported that “there are signs” the breach may have been carried out by the same group of Russian and Ukrainian hackers who are believed to have been behind the Target hack.
A batch of cards went on sale Tuesday on a site associated with Lampeduza Republic, a popular online black market for stolen cards, under the names “European sanctions” and “American sanctions,” Krebs reported. That seems to indicate the stolen cards are being hawked in retaliation against Western sanctions on Russia for its military incursions into Ukraine.
Home Depot on Wenesday warned customers to keep track of potential fraudulent charges to their accounts and said affected customers won't be held responsible.
"If we confirm a breach, we will offer free identity protection services, we will offer free identity protection services, including credit monitoring, to any potentially impacted customers," the company said in a statement posted on its website early Wednesday.
-- With earlier reporting from The Huffington Post
Also on HuffPost