A breach in point-of-payment systems at American DIY chain Home Depot earlier this year, has reportedly compromised 56 million credit and debit cards, in what would be the biggest ever credit card exposure.
Home Depot said in a statement: "Criminals used unique, custom-built malware to evade detection.
"The malware had not been seen previously in other attacks.
"The cyber-attack is estimated to have put payment card information at risk for approximately 56 million unique payment cards.
"The malware is believed to have been present between April and September 2014."
Home Depot said it has removed the malware from the agency’s systems and decommissioned any terminals hit with malware, while launching a better encryption of payment data in all US stores.
Confirming the breach of credit card data, the company noted ‘there is no evidence that debit PIN numbers were compromised’.
The breach came to light on 2 September, after banking partners observed a rise in batches of credit card numbers being dumped by cyber threats onto underground markets such as Rescator.cc and traced them to Home Depot.
According to another report from security blogger Brian Krebs, Home Depot breach involved the same malware as used against the retailer Target, called BlackPOS,Kaptoxa.
The attack on Target last year is expected to have cost the retailer $148m, and resulted in the exit of the firm’s chief information officer and CEO.
