Home Depot said that 56 million payment cards were estimated to have been breached in a data theft between April and September at it stores in the U.S. and Canada. That makes it the second largest breach for a retailer on record.
The nation’s largest home improvement retailer, based in Atlanta, also confirmed Thursday that the malware used in the data breach has been eliminated.
The retailer said there was no evidence that debit PIN numbers were compromised or that the breach affected stores in Mexico or customers who shopped online at Homedepot.com. It has also completed a “major” payment security project that provides enhanced encryption of customers’ payment data in the company’s U.S. stores
The disclosure puts the data breach behind TJX Cos.’s theft of 90 million records, disclosed in 2007 and ahead of Target’s pre-Christmas 2013 breach which compromised 40 million credit and debit cards. But unlike Target’s breach, which resulted in falling sales as shoppers worried about the privacy of their security, Home Depot’s business remains intact so far. The reason? Customers appear to be growing accustomed to breaches after a string of them this past year, including Michaels, SuperValu and Neiman Marcus.
Home Depot might have also benefited in the timing in another way— the disclosure came in September, months after the spring season, which is the busiest time of year for home-improvement chains.
THE ASSOCIATED PRESS