home depotHome Depot, the largest DIY chain in the US, sought to reassure consumers as it investigated reports of a mass theft of customers’ payment data.

The chain said that if it confirmed a breach, it would offer free identity protection services and credit monitoring to customers who might be affected.  It also reminded customers that their banks or the retailer itself would be responsible for any fraudulent charges on their cards.

If the possible attack is confirmed, it would be the latest in a growing number of data breaches by hackers on US retailers and banks.  Brian Krebs, a well-known cyber security analyst who first reported the possible issues at Home Depot, said in a blog post that the suspected theft of card data from the company could be larger than the data theft of 40m credit and debit cards from Target earlier this year, based on information he had received from banks.

Cyber security researchers said retailers were proving to be equally alluring targets because they hold massive amounts of financial data but their security systems are rarely as sophisticated as those of large banks.

The weak security on credit cards used in the US also makes it relatively easy for cyber thieves to steal the data.  Europe uses so-called “chip and pin” cards, which require a personal pin code.   The US is only now requiring banks to use those more secure cards, a transition that will not be completed until next year.

Source:  Financial Times