Advertiser Disclosure

Home Depot Data Breach: What to Do If You’ve Shopped There Recently

Credit Cards
With so many websites offering free financial tools, it can be hard to know whom to trust. At NerdWallet, we spend literally 1,000s of hours researching partner offers and following strict editorial integrity to match you with the perfect choice. We even share how we make money so you can enjoy our expert advice and researched recommendations with total clarity and confidence.
Home Depot

If you spent the long holiday weekend working on a home improvement project, listen up: There’s good reason to believe that Home Depot shoppers are the latest victims of a major retail data breach.

Not sure what happened, or what to do if you’ve shopped there recently? Take a look at the details below – the Nerds have you covered.

Home Depot data breach? What we know so far

On Sept. 2, 2014, investigative journalist and security blogger Brian Krebs posted an article to his site indicating that Home Depot customers may be the latest victims of a massive credit card data breach. Although this might not seem like enough to cause concern, Krebs cites multiple pieces of credible evidence to support his story.

For one thing, Krebs reports that a large number of stolen credit card numbers were put up for sale on underground markets on the morning of Sept. 2, 2014. A group of them were labeled “American Sanctions.” Another unit of stolen payment data was labeled “European Sanctions.” Krebs interprets this as retaliation against the United States and Europe for recent sanctions these Western powers placed on Russia; he states that the hackers might be the same Russian/Ukrainian group that carried out the Target data breach at the end of 2013.

Krebs also states that a number of banks are investigating evidence of a data hacking that might be traced back to customer purchases made at Home Depot. At the same time, multiple news sources, including Bloomberg and the Wall Street Journal, report that the retailer, law enforcement and banks are looking into “unusual activity.”

In an update to his original post, Krebs reports that “several banks” think the breach might extend as far back as late April or early May 2014. This could mean millions of captured credit and debit card numbers, if it turns out to be true.

What to do if you’ve shopped at Home Depot recently

If you’ve shopped at Home Depot in the past few months, you might be worried that your credit card number is up for grabs on the black market. While there is cause for concern, it’s important not to panic. Remember, this story is still developing. The authorities have not yet definitively confirmed that a breach did occur at this particular retailer.

With that being said, your best course of action right now is to remain alert for new information. Specifically, you should monitor the activity on any credit card you may have used at Home Depot in the past few months very closely. For the time being, checking it once per day is probably a good idea. If you spot anything unusual, contact your card issuer immediately.

Also, keep a watch on your email for further instructions from Home Depot and/or your credit card company. If this does turn out to be a hacking that your card was swept up in, you might be receiving information about replacing it. If your issuer sends out any guidelines for further action on your part, follow them.

Otherwise, you can rest easy knowing that federal law limits your liability to a maximum of $50 in the event that you’re a victim of credit card fraud. If this possible breach occurred by way of skimming malware installed in Home Depot’s credit card readers, the Fair Credit Billing Act states that you won’t be responsible for any of the unauthorized charges.

Other tips for keeping your credit card data safe

Again, it’s not yet clear how the Home Depot data breach (if there even was a breach) happened. But it never hurts to review the steps you can take to keep your credit card information safe:

  • Keep your credit card out of plain sight when you’re in public places.
  • Don’t share your credit card number with anyone.
  • If a credit card terminal looks strange to you, don’t use it.
  • Only put your credit card number into websites that display “https” before the URL.
  • Be suspicious of anyone asking for your credit card number – in person, over the phone or via electronic communication. If you’re even remotely concerned about the source’s authenticity or motives in asking for your payment information, don’t provide it.

The takeaway: Home Depot may be the latest retailer to get caught up in a massive data breach. If you’ve shopped there recently, don’t panic. Just follow our tips above, and check back in often with the Nerds for updates.

Home Depot image via Shutterstock