Home Depot may be the latest retailer to have suffered a massive credit card breach, with the company moving to assuage consumers' fears after a large cache of stolen data reportedly appeared on black market sites.
According to information first reported by Krebs on Security on Tuesday, the breach may have extended as far back as the spring of this year. If so, the fallout may end up being far larger than Target's incident late last year, when personal data pertaining to tens of millions of customers was compromised.
Home Depot is working with investigators to determine the origin of "unusual activity," a spokeswoman said in a statement.
"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," she added, but declined to provide further information.
The home improvement chain sought to assure customers that their banks and Home Depot itself would help make shoppers whole in the event fraudulent charges were discovered.
"If we confirm a breach, we will offer free identity protection services, including credit monitoring, to any potentially impacted customers, the company said in a statement, incentives that Target also offered to consumers affected by its data theft last fall.
"We're working hard to get you the information you need as quickly as possible and will continue to provide updates as we learn more," Home Depot added.
Amid a rash of identity thefts that have laid claim to banks and retailers in recent months, Krebs on Security reported that the breach bore similar hallmarks to groups that hit P.F. Chang's, as well as Target and others. Krebs added that the breach may have taken place across all of Home Depot's U.S. stores.
Privately, according to reports, officials suspect the hackers are of either Russian or Ukrainian origin. Hackers from those countries are also widely suspected as having orchestrated a recent attack on the Nasdaq Stock Market.
In Target's case, the breach affected as many as 70 million of its consumers, costing the company upwards of $100 million in charges, as well as lost customer traffic. Not long after the retail giant disclosed its breach, high-end retailer Neiman Marcus reported that it too had fallen prey to cyberattacks.
"It's not that bad things happen to companies, but how they react when bad things happen to them," said Aleksandr Yampolskiy, CEO & Founder of SecurityScorecard, a firm that provides cloud-based security services. He cited "constant hacker chatter" as far back as 2008, where potential cyber thieves circulated potential openings in Home Depot's websites —an indication of "poor secure coding practices."
Based on SecurityScorecard's criteria of ranking corporate cyber-security, Yampolskiy said Home Depot's systems appears even more vulnerable than Target's. Home Depot's systems "are not as good as the rest of its peers in the retail industry," he said.
Home Depot's stock, traded on the New York Stock Exchange, shed $1 intraday to trade above $90.
By CNBC's Javier E. David