Inside A Home Depot Store Ahead Of Earnings Figures
Big-ticket items were big sellers for Home Depot early in the new fiscal year. Photograph by Patrick T. Fallon — Bloomberg/Getty Images

Home Depot may be the latest target of credit card breach

Sep 02, 2014

Home Depot (hd) may be the latest retailer to join the ever-growing list of companies targeted by consumer-credit thieves.

Multiple banks said they have spotted evidence of a new group of stolen credit and debit cards which link back to the home-repair store. Home Depot said it is working with the banks and law enforcement to investigate the data breaches.

"We’re looking into some unusual activity," Paula Drake, a Home Depot spokeswoman, said in an e-mailed statement. "Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers ."

The breach was first reported by Brian Krebs on his site, and he is continuing to uncover evidence that the breach may be much larger than expected.

Hearing breach window of May '14-present. If true, Home Depot breach could be much larger than Target (40M cards stolen over 3 weeks)

— briankrebs (@briankrebs) September 2, 2014

Consumer data has been discovered on an underground site called recator[dot]cc, where the credit and debit card numbers are illegally sold. On Sept. 2 two massive batches of stolen cards were pushed onto the site, and there are indications that the same Russian and Ukranian hackers that recently targeted Target (tgt) and P.F. Chang's (pcfb) may be responsible for this breach as well.

It seems the hackers may be responding to recent U.S.-imposed sanctions against Russia, or at least have knowledge of world economic events. The underground data seller labeled the latest set of credit and debt card numbers "American Sanctions." Stolen cards issued by European banks are sold under the label "European Sanctions."

While not yet confirmed by Home Depot, initial reports reveal that the scope of the breach may include all 2,200 stores in the U.S.

"If we confirm that a breach has occurred, we will make sure customers are notified immediately," said Drake.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions