Home Depot: Card breach put 56 million cards at risk

SAN FRANCISCO – The credit card breach at Home Depot first reported earlier this month put credit card information for 56 million cards at risk, the company said Thursday.

The malicious software, or malware, was placed on Home Depot point-of-sale terminals, or cash registers, between April and September of this year, the company said in a release. It was found in Home Depot stores in the United States and Canada but not in Mexico.

The criminals "used unique, custom-built malware to evade detection. The malware had not been seen previously in other attacks," according to Home Depot's security partners.

The malware has now been eliminated from the company's U.S. and Canadian networks, Home Depot said. All infected point-of-sale terminals were taken out of service.

Only credit cards were affected, no debit card PINs were compromised, Home Depot said.

Home Depot said it has completed a major payment security project, adding stronger encryption of payment data at its cash registers.

The credit card information was offered for sale Sept. 2 on an underground website that traffics in stolen financial information,

The incident is larger than the Target breach, in which 40 million credit and debit accounts were compromised over a three-week period.

Credit card security breaches can cause companies significant losses. Target is still recovering from a massive data breach it suffered last holiday season in its accounts were compromised.