The nation's largest home improvement retailer, Home Depot, has confirmed that its payment data systems have been breached.
In a statement, the company says it continues to determine the full scope, scale and impact of the breach. It also says there is no evidence that debit PIN numbers were compromised.
The company says it's investigating sales at its U.S. and Canadian stores from April of 2014 and on.
Home Depot chairman and CEO Frank Blake said:
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue. We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts."
According to Forbes, the breach affected Home Depot stores in the U.S. and Canada, while stores in Mexico and the HomeDepot.com website appear to have been spared.
A similar breach last year also struck retailer Target during the height of the holiday shopping season.
Security expert Brian Krebs, who broke the news of both breaches, said it appears the same type of malware was used in both cases.
According to Krebs, the information on the malware adds another indicator that those responsible for the breach at Home Depot also were involved in the December attack on Target.
Krebs also notes that cards apparently stolen from Home Depot shoppers first turned up for sale on Rescator[dot]cc, the same underground cybercrime site that sold millions of cards stolen in the Target attack.
Home Depot is offering free identity protection services, including credit monitoring, to customers who used a payment card at a Home Depot store from April 2014 and on. Customers who want to take advantage of the services can learn more at the company's website or by calling 1-800-HOMEDEPOT.
Home Depot has more than 30 stores in Minnesota.