Data show most US Home Depots hit by breach: Report

Customers buy goods at a Home Depot home improvement store.
Getty Images
Customers buy goods at a Home Depot home improvement store.

Customer data could have been stolen from nearly all of Home Depot Inc's stores in the United States, according to new information released on Wednesday by security website KrebsonSecurity.

Brian Krebs, who runs the website, had said on Tuesday that the problem could affect all of Home Depot's 2,200 stores in the United States. On Wednesday, he said he found new evidence that the breach first surfaced on the website Rescator, where customer credit cards were listed according to store ZIP code. These codes showed a 99.4 percent overlap with Home Depot stores, he said.

In all, there were 1,939 codes corresponding to Home Depot store locations, Krebs' website said. It is not yet clear how many customers were impacted.

Home Depot has not confirmed that a breach occurred. It has said it is investigating "unusual activity" and is working with its banking partners and law enforcement to investigate.

The FBI declined to comment on Wednesday.

Read More Wal-Mart workers lash out over 'silly' dress code changes

The retailer sought to reassure customers on Wednesday that they will not be held responsible for any possible fraudulent charges. It also asked them to closely monitor their accounts and said it will offer free identity-protection services, including credit monitoring, to any customers who may have been affected.

Home Depot could be the latest in a string of retailers to have been hit by security breaches in the recent past. If confirmed, the Home Depot breach could be among the worst.

U.S. retailers have been slow to adopt chip-reading technology on their terminals as most Americans do not carry chip-enabled cards.

Read MoreCVS CEO defends dropping tobacco sales

In one of the most serious incidents, hackers last year stole at least 40 million payment card numbers and 70 million other pieces of customer data from Target Corp.

The largest-known breach at a U.S. retailer, however, was uncovered in 2007, at TJX Cos Inc, operator of the T.J. Maxx and Marshalls chains, where more than 90 million credit cards were stolen over about 18 months.

In some situations, companies that conduct investigations into data breaches may not be able to come to a definitive conclusion. For instance, Sears Holdings Corp said in February that an investigation into a possible data breach did not reveal conclusive information.

Home Depot shares fell 2.4 percent to close at $89.00 on the New York Stock Exchange on Wednesday.

—By Reuters

Contact Retail


    Get the best of CNBC in your inbox

    To learn more about how we use your information,
    please read our Privacy Policy.
    › Learn More