Some Canadian Home Depot shoppers are falling victim to fraud following a months-long data breach at the home improvement retailer.
The Wall Street Journal reported earlier this week that U.S. customers’ financial data from the hack is beng used fraudulently to buy prepaid cards, electronics and even groceries. Customers whose debit cards were compromised have seen their accounts drained.
Now it appears the problem is hitting Canadian customers of Home Depot as well. Conan Davis of Mission, B.C., told Global News he was alerted by American Express that his credit card was being used fraudulently.
Davis had spent some $2,000 at Home Depot over the summer.
Some banks and credit card issuers, such as TD Bank, JPMorgan and Capital One, have started actively cancelling credit cards they believe were involved in the hack.
“We are reissuing cards for customers we believe may have been impacted, and evaluating further action,” a TD Bank spokesperson told Global.
Not all banks are taking such measures, and not all banks are seeing elevated levels of fraud. Scotiabank told the Globe and Mail it has seen "some instances of unusual activity," and National Bank says it has identified a few hundred credit cards it wants to replace "as a preventative measure." CIBC says it has seen "no upitck" in credit or debit card fraud.
It’s too early to tell how widespread the fraud linked to the Home Depot hack will be, but Home Depot says as many as 56 million cardholders may have been exposed. That would make it larger than the Target security breach over the holiday season last year, which is believed to have affected 40 million customers.
Home Depot announced the security breach on Sept. 8, nearly a week after the Krebs on Security blog first exposed it. The hack came to light when financial institutions began to notice suspicious activity on cards that had been used at Home Depot.
The retailer has offered free credit monitoring services to its customers in the U.S. and Canada.
According to a recent report from the Ponemon Institute, 43 per cent of U.S. companies have experienced a data breach of some kind over the past year. Losses due to fraud jumped 45 per cent last year alone, to $16 billion U.S., according to estimates from Javelin Strategy & Research.