Data Shows Home Depot Hackers Ransacked Nearly All 2,200 U.S. Stores

Criminal activity suggesting a major retailer has been breached first surfaced earlier this week, when cybercrime store rescator[dot]cc listed a number of stolen credit and debit cards whose legitimate owners had all shopped at Home Depot.

Now KrebsOnSecurity has cross-checked all of the unique ZIP codes in the card data against a Home Depot marketing list with the ZIP code of each store nationwide.

“A comparison of the ZIP code data between the unique ZIPs represented on Rescator’s site, and those of the Home Depot stores shows a staggering 99.4 percent overlap,” Krebs writes.

So far, Home Depot will only say that it is examining “unusual activity” and that it is working with law enforcement on an investigation.  The company has set up a page for further notices about the case.

Krebs first broke the story on Tuesday. There is a sense the crooks might be the same group of Russian and Ukrainian hackers behind the payment system infiltrations at Target, Sally Beauty and P.F. Chang’s, among others. 

Rescator sold much of the bounty from those raids.  

“In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards ‘American Sanctions,’” Krebs wrote. “Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labeled “European Sanctions.”