Multiple banks said they have spotted evidence of a new group of stolen credit and debit cards which link back to the home-repair store. Home Depot said it is working with the banks and law enforcement to investigate the data breaches.

“We’re looking into some unusual activity,” Paula Drake, a Home Depot spokeswoman, said in an e-mailed statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers.”

The breach was first reported by Brian Krebs on his site KrebsonSecurity.com, and he is continuing to uncover evidence that the breach may be much larger than expected.

Hearing breach window of May ’14-present. If true, Home Depot breach could be much larger than Target (40M cards stolen over 3 weeks)

— briankrebs (@briankrebs) September 2, 2014

Consumer data has been discovered on an underground site called recator[dot]cc, where the credit and debit card numbers are illegally sold. On Sept. 2 two massive batches of stolen cards were pushed onto the site, and there are indications that the same Russian and Ukranian hackers that recently targeted Target (TGT) and P.F. Chang’s (PCFB) may be responsible for this breach as well.

It seems the hackers may be responding to recent U.S.-imposed sanctions against Russia, or at least have knowledge of world economic events. The underground data seller labeled the latest set of credit and debt card numbers “American Sanctions.” Stolen cards issued by European banks are sold under the label “European Sanctions.”

While not yet confirmed by Home Depot, initial reports reveal that the scope of the breach may include all 2,200 stores in the U.S.

“If we confirm that a breach has occurred, we will make sure customers are notified immediately,” said Drake.