allheart55 (Cindy E)
Administrator
SAN FRANCISCO - A massive batch of credit and debit card information that went on sale on a criminal Internet site Tuesday may be from Home Depot stores and could be linked to hackers previously responsible for breaches at Target and P.F. Chang's, security experts say.
The credit card information was first offered up for sale Tuesday on an underground site that traffics in stolen financial information, security author Brian Krebs reported on his blog, Krebsonsecurity.com.
The breach could have begun in late April or early May of this year, Krebs reported.
If that is true, this incident could dwarf the Target breach, in which 40 million credit and debit accounts were compromised over a three-week period.
"This latest batch of cards is for sale from the same underground store that sold cards from P.F. Chang's and Target," said Trey Ford, a security strategist at Rapid7, a Boston-based computer security company.
Home Depot spokeswoman Paula Drake said she could only "confirm that we're looking into some unusual activity and we are working with our banking partners and law enforcement to investigate."
The data put up for sale was labeled "American Sanctions."
Krebs called the naming "what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine."
Stolen information from cards issued by European banks that were used in Home Depot stores was sold separately and labeled "European Sanctions." Krebs reported.
Drake said Home Depot takes protecting customers' information extremely seriously. "We are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately," she said.
The data for sale includes information that would have come from the magnet strip on the back of credit and debit cards, said Ford. Based on that, "there is probably malicious software on the point of sale registers in the stores," he said.
