What You Need to Know About The Home Depot, Inc.'s Payment Data Breach

Home Depot, just confirmed a massive payment data systems breach.

If you've shopped at The Home Depot over the past five months , you'd better check your bank statements. Because on Monday, the home improvement retailer confirmed its payment data systems at brick-and-mortar stores in the U.S. and Canada have suffered a breach dating as far back as April 2014.

To its credit, The Home Depot says there is no evidence of debit PIN numbers being compromised, and this doesn't affect customers who shopped at its stores in Mexico or online at It's also aggressively working to foster goodwill with consumers by offering free identity protection services, including credit monitoring, and insists no customers will be held liable for fraudulent charges.

Echos of Target's massive breach

At the same time, the news also arrived a full six days after security blog KrebsOnSecurity first reported signs of the potential breach. Specifically, the blog claims sources close to the investigation say the breach appeared to stem from a new variant of the malware responsible for exposing 40 million debit and credit card accounts at Target over a three-week period last year. What's more, the cards in question first turned up for sale roughly a week ago in multiple batches on the same underground cybercrime website that sold Target's stolen data.

However, KrebsOnSecurity warns, given the comparatively long time span during which this malware has apparently been siphoning data from The Home Depot's systems, this new breach "could be many times larger than Target."

This is going to be expensive

So what does that mean for Home Depot? First and foremost, this will likely be really, really expensive.

Target, for example, has already incurred $236 million in gross expenses since its own debacle unfolded in the fourth quarter of last year. Of course, Target's insurance chipped in $90 million to take away some of that sting, bringing its total net breach-related expenses so far down to "just" $146 million. What's more, Target expects the claims to continue going forward, though management insists they are not estimable. That's also not to mention the breach undoubtedly played at least a partial role in the resignation of Target's CEO in May.

Home Depot's credit card penetration could suffer.

And that's not the only way these breaches damage retailers. Target has also seen a slower trend in debit REDcard applications since the breach. This, in turn, has led to slower growth in REDcard sales penetration, which stood at 28.8% during Target's second quarter. It seems reasonable, then, to expect a similar trend will unfold for penetration of Home Depot's private label credit card portfolio, which stood at 23.2% as a percentage of total sales last quarter.

Unlike Target, however, Home Depot uses its credit cards primarily as a financing tool to secure big-ticket purchases. If consumers and contractors aren't comfortable using those cards or applying for new ones going forward, it could easily affect Home Depot's top and bottom line in a big way.

Foolish bottom line

Home Depot says it "continues to determine the full scope, scale, and impact of the breach." So unfortunately, short of knowing this will be a long, expensive battle, it's virtually impossible at this point to precisely estimate the extent of the fallout. For now, investors will need to hurry up and wait for the next update from the home improvement retail juggernaut.

Top dividend stocks for the next decade

The smartest investors know that dividend stocks simply crush their non-dividend paying counterparts over the long term. That's beyond dispute. They also know that a well-constructed dividend portfolio creates wealth steadily, while still allowing you to sleep like a baby. Knowing how valuable such a portfolio might be, our top analysts put together a report on a group of high-yielding stocks that should be in any income investor's portfolio. To see our free report on these stocks, just click here now .

The article What You Need to Know About The Home Depot, Inc.'s Payment Data Breach originally appeared on

Steve Symington has no position in any stocks mentioned. The Motley Fool recommends Home Depot and Nike. The Motley Fool owns shares of Nike. Try any of our Foolish newsletter services free for 30 days . We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy .

Copyright © 1995 - 2014 The Motley Fool, LLC. All rights reserved. The Motley Fool has a disclosure policy .

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

In This Story


Other Topics