The cybercriminals that compromised Home Depot's network and installed malware on the home-supply company's point-of-sale systems likely stole information on 56 million payment cards, the company stated on Thursday.
In the first details revealed in its investigation of the breach, the company said the malicious software that compromised those payment systems had been custom-built to avoid triggering security software. The breach included stores in the United States and Canada and appears to have compromised transactions that occurred between April and September 2014.
"To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements," Home Depot said in its statement. "The hacker's method of entry has been closed off, the malware has been eliminated from the company's systems, and the company has rolled out enhanced encryption of payment data to all US stores."