The Home Depot has confirmed hackers successfully broke into its systems, compromising as many as 56 million customers' card details.
The company confirmed the breach in a message to customers on its site, revealing that the hackers had used a "previously unseen malware" to evade its security systems. The payment card details are believed to have been stolen between April and September 2014.
Home Depot began investigating reports that its systems had been compromised on 2 September. The firm said the investigation has found no sign the hackers managed to steal the debit PIN numbers and promised customers it has purged its systems of the malware.
Home Depot chairman and CEO Frank Blake promised victims they would not be liable for fraudulent charges to their cards. "We apologise to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges," he said.
"From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so."
The firm has also rolled out new security technology designed to encrypt payment data at point of sale in the US in a bid to block future attacks. The technology reportedly "scrambles" the data to make it unreadable to hackers.
Home Depot is one of many firms to suffer data breaches over the past year. The Information Commissioner's Office (ICO) began investigating an alleged data breach that reportedly saw BT expose huge numbers of user credentials in March.
The chief executive of US retail giant Target Gregg Steinhafel stepped down from the company in May, in the wake of a high-profile data breach that affected around 70 million customers.
Global security strategist at Rapid7 Trey Ford highlighted the breach as proof that hackers are developing increasingly sophisticated attack tools, and warned that he expects to see similar attacks in the near future.
"This is why big box retailers are great targets for sophisticated, well-resourced cyber criminals. They are able to invest time in researching their targets to find a way into the network. Once they're in, they stay quiet and fly unobserved under the radar, potentially for months at a time," he said.
"It's really hard for organisations to detect them in many cases because they can be using stolen account details and look like a bona-fide user. It's well worth the planning and patience involved for the attacker when the potential pay day is this significant."
Ford is one of many security professionals to warn of the increased cyber risk facing firms.
Managing director of cyber security at BAE Systems Applied Intelligence Scott McVicar told V3 earlier in September that technology alone will not deal with the increased threat, and argued firms will need to begin sharing threat intelligence if they hope to ward off future attacks.
HP and Centrica are the first industry partners to sign up to the government's new Code
New ice grows faster but is also more vulnerable to weather and wind
With a crackdown on cheats is coming in November, PUBG rushes to fix matchmaking problems introduced in Update #22
New material uses carbon dioxide from the air to repair and reinforce itself