Home Depot Already Being Sued Over Apparent Data Breach
The Atlanta Journal-Constitution reports that a potential class-action claim was filed against Home Depot yesterday in a U.S. District Court in the Northern District of Georgia.
The plaintiffs allege that Atlanta-based Home Depot failed to protect customers’ credit card data, and that the retailer did not alert customers to the possible breach.
All that’s known at this point is that multiple banks traced fraudulent transactions on customers’ cards and found that these cardholders all shopped at Home Depot.
Following that revelation on Tuesday, Home Depot said it was investigating “unusual activity” and that it was working with authorities. It has not, however, confirmed the breach.
Data reviewed by KrebsOnSecurity.com, which broke the original story (along with numerous other recent hacks), showed a near 100% overlap between the ZIP codes of a batch of stolen credit cards that went on sale on the black market earlier this week and the ZIP codes of Home Depot stores in the U.S.
Only a small number of the approximately 2,200 Home Depot stores in America did not have their ZIP codes turn up in that list. However, the batch of stolen card numbers likely only represents a fraction of the total amount of pilfered data, so it’s possible that all stores were involved in the breach.
The other question that remains unresolved is exactly when this possible hack might have started. Some have reported that it could go back as far as April or May of this year.
If that’s true, this apparent hack has the potential of being significantly larger than the one that hit Target stores for a few weeks during the 2013 holiday shopping season.
Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.