WASHINGTON — Home improvement retailer Home Depot Inc has been in contact with the U.S. Secret Service about an alleged major breach of customer and credit card data that came to light this week, a law enforcement source told Reuters on Thursday.
Customer data could have been stolen from nearly all of Home Depot’s 2,200 stores in the United States, according to information released on Wednesday by security blog KrebsonSecurity.
That breach hit 11 Maine zip codes where the retailer has stores, including Bangor, South Portland, Portland, Augusta and Waterville, according to an analysis by The Portland Press Herald. Nationwide, the blog’s analysis of the credit card information for sale found it affects customers in 1,822 zip codes.
Any investigation by the Secret Service appears to be at a very early stage, the source said.
The Secret Service, which declined comment, usually is the lead agency in federal criminal investigations into complex breaches of credit card and other consumer data.
Another law enforcement source said the FBI, which also sometimes participates in such investigations, does not appear to be involved. It is unclear whether the U.S. Department of Justice is playing any role.
Chief Executive Officer Frank Blake told investors at the Goldman Sachs Annual Retailing Conference on Thursday that Home Depot and its partners were working around the clock to find a breach, though he did not confirm a breach occurred.
Blake said Home Depot learned of the possible breach on Tuesday and chose to communicate what it knew.
He said cybersecurity is a major issue for the company and that the home improvement chain will have technology to make credit card transactions safer installed at all its terminals by the end of the year.
If confirmed, the Home Depot incident could be among the most widespread in the string of security breaches at U.S. retailers in the recent past.
Spokeswoman Paula Drake on Wednesday said the retailer is working with IT security firms, including Symantec Corp and FishNet Security, to investigate whether there has been a data breach.
A Symantec spokeswoman confirmed that Symantec was assisting with the investigation but did not elaborate.
Home Depot sought to comfort its consumers, promising free identity-protection services, including credit monitoring, to any potentially impacted customers and reassuring that the retailer or the banks that issued the cards will be responsible for any fraudulent charges.
Home Depot shares were up 1.6 percent at $90.39 on Thursday morning on the New York Stock Exchange.
Concerns about a potential Home Depot data theft follow a major breach at retailer Target Corp, where hackers late last year stole at least 40 million payment card numbers and 70 million other pieces of customer data.