Home Depot announced that approximately 56 million debit and credit card numbers from its customers have been stolen by cyber criminals between April and Septmeber 2014, making this attack the largest retail card breach to date. The Home Depot breach was initially disclosed on Sept 2 and the malware has been removed from its U.S and Canadian store networks. Home Depot announced that it has rolled out enhanced encryption of payment data to all U.S stores, involving new payment security protection which takes raw payment card information and scrambles it to make it unreadable.

The Home Depot breach could have involved many millions more of stolen cards, but forensic investigators claim hackers installed the malware on Home Depot’s self-checkout systems explaining why this breach involved only 56 million cards. The cyber criminals were stealing card data from Home Depot’s cash registers until Sept. 7, five days after the news of the breach broke.

The Target breach lasted three weeks, but it exposed some 40 million debit and credit cards because hackers switched on their card-stealing malware during the busiest shopping season of the year. Prior to the Home Depot breach, the record for the largest retail card breach was the TJX, which lost 45.6 million cards.

Retrieved from: Krebson Security