Home Depot Inc. said a data breach between April and September put about 56 million payment cards at risk, signaling that the hacker attack was bigger than the one that struck Target Corp. last year.
The hackers used custom-made software to evade detection, relying on tools that haven’t been seen in previous attacks, Atlanta-based Home Depot said today in a statement. The company began investigating the breach on Sept. 2, immediately after banking partners and law enforcement raised alarms that its systems may have been infiltrated.
Home Depot, which first acknowledged the attack earlier this month, has become one of the biggest victims of hackers’ war on retailers. The world’s largest home-improvement chain expects to pay about $62 million this year to recover from the incursion, including additional costs for call-center staffing and legal expenses. Insurance will cover $27 million of that tab, the company said.
“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” Chief Executive Officer Frank Blake said in the statement. “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”