Home Depot announced Thursday that hackers who breached the chain’s security system put as many as 56 million payment transactions at risk. That would make the hack, which occurred from April to September, even larger than the massive Target breach that happened last year during the holiday shopping season.
Atlanta-based Home Depot said in a statement that it began investigating the infiltration on Sept. 8 after an alert notified banking partners that its financial system had been compromised. The identity of the cyber-thieves remains unknown, although Home Depot said they used custom-made software that had never been seen before and effectively helped them avoid detection for so long. The comoany said the malware had been eliminated.
Home Depot will dole out approximately $62 million to recover from the hack, roughly $27 million of which will be covered by insurance. Much of the sum will cover legal expenses and allocate funds for additional customer service to help clean up the situation.
“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” Home Depot CEO Frank Blake said in the statement. “From the time this investigation began, our guiding principle has been to put customers first, and we will continue to do so.”
The situation has so far had no effect on Home Depot sales. The home improvement chain said it expects revenue to grow by 4.8 percent this year, and share price has climbed by 1 percent since Home Depot announced the data breach on Sept. 2.
Home Depot, so far, has avoided Target’s fate: The retailer announced in December that up to 40 million card accounts were affected when Eastern European hackers installed malicious software on the chain’s register network. Within two months, Target's stock price fell by 11 percent.