The Canadian arm of big box renovation chain Home Depot has been swept up in a company-wide investigation on Tuesday over a possible breach of customers’ financial information.
“They’re including [Canada] in assessing the situation to determine which divisions have been affected,” a spokeswoman for Home Depot Canada said by phone.
The home improvement chain said Tuesday it is looking into what it called unusual activity.
“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Paula Drake, a U.S. spokesperson said in a statement.
Online security blogger Brian Krebs first reported the possible breach.
Krebs suggested U.S. banks with credit-card customers who shopped at the home improvement chain notified the renovation retailer that their customers’ accounts appeared to be compromised.
“Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has a occurred, we will make sure customers are notified immediately,” Drake said.
The Home Depot operates about 180 stores in Canada alongside 2,200 or so in the United States.
If confirmed, Home Depot would be the latest big retailer to suffer a loss of sensitive customer information, further raising questions about the ability for big chains to keep information collected from shoppers properly protected, experts say.
The most high-profile breach to date occurred late last year at U.S. discount giant Target, which saw tens of millions of customers’ credit information, exposed during the holiday season.
While its Canadian stores weren’t affected, Target said Canadian shoppers who travelled to its U.S. stores in late November and mid-December may have been exposed.
Target said personal information like the names, addresses, emails and phone numbers of some Canadians may have been stolen. But the breach did not extend to payment data for the debit and credit cards of Canadians, which is what was taken from U.S. customers.
Hacking methods typically use malicious software to target the so-called point-of-sale, stealing data when a card is swiped for payment, experts say.
In the U.S., where many of the data breaches have occurred, pressure has intensified on retailers and financial institutions to introduce chip-protected credit cards, which are more secure.
In contrast to the U.S. retail landscape, chip-enabled credit and debit cards are widely used across Canada.
Still, some cardholders with older cards may be at risk, experts say.