In the aftermath of Home Depot's data breach, consumers have another DIY project: Protecting any accounts used to shop at the store.
On Monday, Home Depot confirmed a data breach of its payment systems in U.S. and Canadian stores, and said it was investigating transactions as far back as April. Security website KrebsonSecurity, which first reported the breach a week ago, also said Monday that financial institutions are seeing an increase in fraudulent purchases and ATM withdrawals that may trace back to affected cards.
In a statement, Home Depot said that although the investigation is ongoing, there's no evidence that debit-card users' PINs were compromised. Online shoppers, visitors to stores in Mexico and those who paid by check were also unaffected.
"There's a growing sense that these last couple [of breaches] are the early wave of what seems to be a significant set," said Geoff Webb, senior director of solution strategy for security management firm NetIQ. "This is the tip of the iceberg."
A simple solution exists that requires little elbow grease: Call your issuer and ask for a new card, if you shopped at Home Depot during the period under investigation, said Brian Riley, senior research director for CEB TowerGroup, a market research firm. That way, the payment details the hackers got are useless. "Every time there's a data breach, I do request my card to be replaced," he said.
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," said Frank Blake, Home Depot's chairman and chief executive, in the statement.
The home-improvement retailer has yet to release estimates on the number of accounts affected, but analysts say the scope of the breach could rival Target's last year. That breach affected some 110 million customers who shopped at Target from late November to mid-December.
For consumers, the breach is yet another reminder to comb through their statements and sign up with their banks to get alerts on possibly fraudulent activity. Home Depot said it will offer free identity protection services, including credit monitoring, to any consumer who made a card purchase at one of its stores since April.
"Keep in mind that you have no liability on this," CEB's Riley said. "Though it's certainly an inconvenience."
Credit cards are protected under the Fair Credit Billing Act; limiting your liability for fraudulent charges to just $50—and most issuers waive even that. Liability on debit cards, however, can increase to $500 or more if you fail to promptly report the fraud. Again, a simpler solution may to just cancel your card and get a new one.
—By CNBC.com's Kelli Grant