Home Depot has issued an update on the breach disclosed earlier this month. The company reports that it has completed “a major payment security project that provides enhanced encryption of payment data at point of sale in the company’s U.S. stores, offering significant new protection for customers. Roll-out of enhanced encryption to Canadian stores will be complete by early 2015. Canadian stores are already enabled with EMV “Chip and PIN” technology.”
The company’s investigation has revealed:
- Criminals used unique, custom-built malware to evade detection. The malware had not been seen previously in other attacks, according to Home Depot’s security partners.
- The cyber-attack is estimated to have put payment card information at risk for approximately 56 million unique payment cards.
- The malware is believed to have been present between April and September 2014.
Read more on their statement (pdf).