Home Depot (HD) may have been the latest merchant to fall victim to a ginormous credit card data breach, according to a report from Krebs on Security.
The report states that a massive batch of stolen credit and debit cards went on sale in the “cybercrime underground” on Tuesday morning and that multiple banks are reporting that they are seeing evidence that the stolen credit data may have come from Home Depot stores.
A Home Depot spokesperson said that the company is is investigating the potential breach.
“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Home Depot spokesperson Paula Drake told Krebs.
Krebs reports that there are similarities between the purported Home Depot attack and attacks on Target, Sally Beauty and P.F. Chang’s.
Krebs also reports that the credit card breach may stretch back until late April or early May and that data from all 2,200 Home Depot stores in the U.S. may have been vulnerable.
If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period.
Home Depot is part of the HW 30, HousingWire’s proprietary index of 30 key housing finance-focused stocks.
As of 3:21 p.m. Eastern, Home Depot’s stock was down 2.6% upon the news of the potential breach.