US Home Depot investigating possible data breach

US retailer Home Depot is working with law enforcement to investigate "unusual activity" related to customer data after a security researcher reported the chain appeared to the source of stolen credit and debit cards on sale in the black market.

A spokesperson for the company confirmed the investigation but said it was too early to ascertain whether a large-scale breach had occured.

"At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," Home Depot representative Paula Drake said.

"If we confirm that a breach has occurred, we will make sure customers are notified immediately."

Infosec expert Brian Krebs reported on his website yesterday that multiple banks had seen evidence that Home Depot may be the source of the up-for-sale stolen cards. 

Krebs said his preliminary analysis indicated the problem could affect all of Home Depot's 2200 stores in the United States. He said several banks he contacted believed the breach could extend back to April or May of this year.

"If that is accurate - and if even a majority of Home Depot stores were compromised - this breach could be many times larger than Target," Krebs wrote.

In the Target breach, which hit the retailer during the important year-end holiday shopping season, hackers stole at least 40 million payment card numbers and 70 million other pieces of customer data.

The incident cost the company hundreds of millions of dollars, several executives and prompted numerous investigations.