The size of the cyberattack exceeds the one that hit Target during last year’s holiday-shopping season.
Home Depot announced on Thursday that 56 million credit and debit cards were impacted by a recent hack of its systems, a number that exceeds the 40 million payment cards stolen from Target last year.
"We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges," said Frank Blake, CEO of the home-improvement retailer, in a press release. "From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so."
Earlier this month, Home Depot disclosed that it was investigating a "possible breach of our data systems" but did not specify the size or scope of the potential hack.
Late Thursday, the company announced the results of its investigation, which found criminals using a novel, custom malware to evade detection. Approximately 56 million "unique payment cards" used at stores in the U.S. and Canada were put at risk for the intrusion, which is believed to have lasted from April to September of this year.
The breach of Home Depot stores marks just one of the more recent massive attempts to steal personal and financial data at large retailers via vulnerable security networks. The hack on Target last winter prompted a flurry of congressional hearings on data security held by commercial enterprises, and eventually led to the resignation of the company's CEO.
Home Depot has pledged to offer free creit monitoring to victims of the breach, and said it had finished a security upgrade at its stores that aims to better protect credit and debit card information. The company also indicated customer data was no longer vulnerable.
"The hackers' method of entry has been closed off, the malware has been eliminated from the company's systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores," the company said in its release.
At least one credit-protection firm, BillGuard, has estimated that the hack could result in up to $3 billion in fake charges.