Home-improvement retailer Home Depot officially confirmed a data breach on Monday. Home Depot's investigation is focused on transactions made as far back as April.
There is no evidence that shoppers' debit PIN numbers were compromised, according to a statement the retailer released Monday.
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," said Frank Blake, CEO of Home Depot, in the statement.
Analysts warned that the Home Depot breach could rival Target's massive breach last year.
The breach was first reported by security website KrebsOnSecurity almost a week ago. It said the problem could extend back to April and affect all of Home Depot's 2,200 stores in the United States.
No details were immediately available on how many customers were impacted. But Brian Krebs, who runs the security website, said last week the breach could be larger than Target's last year when hackers stole at least 40 million payment card numbers and 70 million other pieces of customer data.
Krebs reported on Monday that Home Depot's systems were hit by a variant of the same malware that compromised Target's systems last year.
Target has spent $146 million to resolve data breach-related issues since the fourth quarter of 2013. Most of these expenses were for settling actual and potential breach-related claims, mainly by payment card networks.
The largest known breach at a U.S. retailer was uncovered in 2007 at TJX, operator of the T.J. Maxx and Marshalls chains, which had more than 90 million credit cards stolen over about 18 months.
Home Depot said it started investigating the data breach last Tuesday, but the investigation will look at data from April.
"It doesn't exactly say a lot of good things about their data security systems if something was able to go on for months and they didn't notice," said Kenneth Dort, partner at intellectual property practice group, Drinker Biddle & Reath.
Home Depot promised free identity-protection services, including credit monitoring, to any potentially impacted customers.
Home Depot had said earlier it will roll out PIN- and chip-enabled cards at all its U.S. stores by the end of the year.
The retailer also said its internal information technology security team is working with banking partners, firms including Symantecand Fishnet Security, as well as the U.S Secret Service to gather facts in the investigation, it said.
Shares of Home Depot ended 0.86 percent lower at $90.82 on the New York Stock Exchange on Monday. (Click here for the latest quote.)
—By CNBC. Reuters contributed to this report.