ATLANTA: Home Depot is reaching out to customers to reassure them they will not be responsible for fraudulent charges resulting from its data breach.
The home-improvement retailer confirmed Monday that hackers breached its payment security systems. The data theft could affect more than 60 million customers who used credit cards at Home Depot locations in the US and Canada since April. There is no evidence that stores in Mexico and online shoppers were affected, or that debit PIN numbers were compromised, according to a company statement.
"Our communications have been focused first and foremost on our customers and what they want to know and need to know," said Home Depot corporate communications director Stephen Holmes. "We have also been communicating with our stores and keeping them up to date."
Holmes would not disclose if Home Depot has hired a crisis communications firm to help with the situation.
In response to the hack, Home Depot posted materials on its website including a statement and press release; answers to frequently asked questions about the breach; information about registering for free identity protection services; and tips on preventing identity theft.
Since becoming aware of the potential breach earlier this month, Home Depot’s forensics and security teams have been "working around the clock" with IT security firms, banking partners, and the US Secret Service, according to the FAQ document.
"We felt it was important to let everyone know that we’re confident there has been a breach," the company said in the statement. "We know it’s frustrating not to have all the details, but you won’t be responsible for any fraudulent charges, and we are offering free identity protection services, including credit monitoring to any customer who used a payment card at a Home Depot store in 2014, from April on."
Home Depot also posted an apology to customers from chairman and CEO Frank Blake.
As of Tuesday afternoon, Home Depot had not posted updates to its Facebook and Twitter pages since September 3, when it began preparing customers for the possibility of a breach by sharing information on its corporate website.
The company has also made customer-care representatives available, according to a press release.
Security blogger Brian Krebs, who first reported the potential breach last week, posted a blog on Sunday saying that Home Depot may have been hit by the same malware as the holiday-season data theft that affected more than 40 million Target customers.
Home Depot’s second-quarter net sales increased 5.7% year-over-year to $23.8 million. In August, it announced the promotion of US retail president Craig Menear to CEO, who will replace Blake on November 1. Blake has served as the chain’s chief executive since 2007.