Suspicions of a credit card breach first emerged this week after cybersecurity journalist Brian Krebs reported that fraudulent credit cards possibly linked to Home Depot sales started showing up for sale on black market website rescator.cc.
The company confirmed it was looking into a possible breach on Tuesday, before adding more detail on Wednesday, in a statement carefully constructed to confirm the chain is investigating the matter — but still leaving the door open to the possibility that their network has not, in fact, been compromised.
Home Depot's "forensics and security teams have been working around the clock since we first became aware of a potential breach Tuesday morning," the chain told CBC News.
"It’s important to note that in the event we determine there has been a data breach, our customers will not be responsible for any possible fraudulent charges," Home Depot said. "The financial institution that issued the card or Home Depot are responsible for those charges," adding that it would offer free identity protection services, including credit monitoring, to any potentially impacted customers.
Home Depot also urges all of its customers to monitor their accounts and let their banks know if they notice any unusual activity.
It's still unclear, however, if any of the chain's Canadian customers might be affected. Home Depot has at least 180 locations in Canada.
If a breach is confirmed, it would make Home Depot the latest retailer ensnared in an expensive security breach, following the footsteps of companies such as Target, which earlier this year had account information from as many as 70 million customers stolen.
In Target's breach, the chain's Canadian stores themselves weren't affected. But some Canadian customers who crossed the border into the U.S. and shopped there during the busy holiday shopping season were impacted.