282 161 30LINKEDIN 2COMMENTMORE
SAN FRANCISCO — A massive batch of credit and debit card information that went on sale on a criminal Internet site Tuesday may be from Home Depot stores and could be linked to hackers responsible for breaches at Target and P.F. Chang's, security experts say.
The credit card information was offered for sale Tuesday on an underground site that traffics in stolen financial information, journalist Brian Krebs reported on his blog,Krebsonsecurity.com.
The breach could have begun in late April or early May of this year, Krebs reported.
If that is true, this incident could dwarf the Target breach, in which 40 million credit and debit accounts were compromised over a three-week period.
"This latest batch of cards is for sale from the same underground store that sold cards from P.F. Chang's and Target," said Trey Ford, a security strategist at Rapid7, a Boston-based computer security company.
Home Depot spokeswoman Paula Drake said she could only "confirm that we're looking into some unusual activity, and we are working with our banking partners and law enforcement to investigate."
The data put up for sale were labeled "American Sanctions."
Krebs interpreted the name "as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine."
Stolen information from cards issued by European banks that were used in Home Depot stores was sold separately and labeled "European Sanctions," Krebs reported.
Drake said Home Depot takes protecting customers' information extremely seriously. "We are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately," she said.
The data for sale include information that would have come from the magnet strip on the back of credit and debit cards, Ford said. Based on that, "there is probably malicious software on the point of sale registers in the stores," he said.