Home Depot braces for fallout from security breach

Shares of home-improvement retailer Home Depot sank on stock markets Tuesday after it confirmed its payment systems could have been hacked as early as April.

The hardware retailer did not say how many customers had been affected, but it could be in the millions. Stores in both Canada and the U.S. and transactions over a four-month period were affected.

Investors are wary of the long-term effects of the hack on Home Depots results. When Target admitted it had been hacked and 70 million customer accounts were affected, it faced a dramatic drop in its business.

Home Depot has been more careful in announcing it has been a target of cybercriminals.

• Home Depot says Canadians could be affected by security breach
• Data theft: Cash registers vulnerable, says Homeland Security

BrianKrebs of Krebs on Security released news last week that the retailer had been hacked. Krebs said multiple banks reported"evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards."

Home Depot was more ambiguous in its messaging, confirming only that it was investigating a possible hack.

Home Depot prepared to offercompensation

Later last week, it said it was prepared to give credit counselling and compensation to any consumers caught in a potential security breach. But again it did not confirm it had lost credit card numbers to cybercriminals.

The confirmation that there was indeed a hack affecting millions of shoppers in Canada and the U.S. did not come until yesterday.

Home Depot, with 1,800 U.S. stores and 180 in Canada, could be the biggest retailer yet to be a target.

And the news that it was investigating its systems back until April seemed to widen the scope of potential damage.

"From what I'm hearing, people think this will be as big asTarget or bigger,"Forrester Research analyst John Kindervag said.

The repercussion for Target, which was hit during the holiday season last year, was immediate. Shoppers avoided it for weeks, its profit fell and it faced steep costs to investigate the security breach. More importantly, its reputation was stained.

Rolling out chip cards in U.S.

Shoppers are increasingly alert to security concerns and there is pressure on retailers to improve their systems so consumers know they are safe when they hand over a credit card.

In the U.S., retailers, banks and card companies are speeding up the adoption of microchips on credit and debit cards. This technology is already widespread in Canada.

Home Depot has said it will have chip-enabled checkout terminals atall of its U.S. stores by the end of this year.

And it has pledged to customers they will not be held responsible for any fraudulent use of their card accounts.

CEO Frank Blake issued an apology to consumers, in an effort to head off the rush to competitors.

We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue, he said in a press statement yesterday.

Atoll-free number, 1-800-466-3337,has been set up to handle any customer inquiries.