The Home Depot has confirmed hackers successfully broke into its systems, compromising as many as 56 million customers' card details.
The company confirmed the breach in a message to customers on its site, revealing that the hackers had used a "previously unseen malware" to evade its security systems. The payment card details are believed to have been stolen between April and September 2014.
Home Depot began investigating reports that its systems had been compromised on 2 September. The firm said the investigation has found no sign the hackers managed to steal the debit PIN numbers and promised customers it has purged its systems of the malware.
Home Depot chairman and CEO Frank Blake promised victims they would not be liable for fraudulent charges to their cards. "We apologise to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges," he said.
"From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so."
The firm has also rolled out new security technology designed to encrypt payment data at point of sale in the US in a bid to block future attacks. The technology reportedly "scrambles" the data to make it unreadable to hackers.
Home Depot is one of many firms to suffer data breaches over the past year. The Information Commissioner's Office (ICO) began investigating an alleged data breach that reportedly saw BT expose huge numbers of user credentials in March.
Gregg Steinhafel, chief executive of US retail giant Target, stepped down from the company in May in the wake of a high-profile data breach that affected around 70 million customers.
Trey Ford, global security strategist at Rapid7, highlighted the breach as proof that hackers are developing increasingly sophisticated attack tools, and warned that he expects to see similar attacks in the near future.
"This is why big box retailers are great targets for sophisticated, well-resourced cyber criminals. They are able to invest time in researching their targets to find a way into the network. Once they're in, they stay quiet and fly unobserved under the radar, potentially for months at a time," he said.
"It's really hard for organisations to detect them in many cases because they can be using stolen account details and look like a bona-fide user. It's well worth the planning and patience involved for the attacker when the potential pay day is this significant."
Ford is one of many security professionals to warn of the increased cyber risk facing firms.
Scott McVicar, managing director of cyber security at BAE Systems Applied Intelligence, told V3 earlier in September that technology alone will not deal with the increased threat, and argued firms will need to begin sharing threat intelligence if they hope to ward off future attacks.