Last Updated Sep 8, 2014 5:30 PM EDT
Home Depot (HD), the giant home improvement retailer, has confirmed that its payment systems were hacked at its U.S. and Canada stores starting in April. Customers who paid with cards may have had their data compromised. The store says there is no evidence that pin numbers from debit cards were stolen.
On Sept. 2, Home Depot said it was working with banks and law enforcement to investigate reports that its stores could have been the source of a new batch of credit and debit card numbers being sold on the black market. Security blogger Brian Krebs, who has broken news of several major data breaches at retailers this year, was the first to report the problem.
Since then, Home Depot has only confirmed the ongoing investigation and promised identity theft protection to customers if a breach was confirmed.
On Monday, the retailer reiterated the free credit-monitoring offer and said it "has taken aggressive steps to address the malware and protect customer data."
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," said Frank Blake, chairman and CEO, in a statement. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts."
Home Depot will roll out so-called "chip-and-pin" payment systems to all U.S. stores by the end of this year. The payments industry is requiring retailers to have those systems in place by October 2015.
It's not clear how many stores or shoppers could be involved in this now-confirmed breach, but analysts say it could be larger than the one that affected millions pf Target shoppers last year.
Home Depot says there's no evidence that the cyber-attack affected customers who shopped at Home Depot online or in Mexico. Customers who want to take advantage of the free ID theft protection and credit-monitoring services can visit the company's website or call 1-800-HOMEDEPOT (800-466-3337)