Security blogger Brian Krebs posted today that a new trove of credit card data was put up for sale on an underground web site, this time (allegedly) from credit cards used at Home Depot.
According to the post, the dates when card details were stolen go back to May or even April of this year, implying that the size of the theft could be even larger than the recent record-breaking data leak at Target.
The loss of the card information has not yet been confirmed by Home Depot itself. A spokesperson there said, "Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers."
The story is still developing, but it looks like a further risk for both consumers and merchants that credit card data may be available to thieves, and vulnerable to fraud attempts.
It's very inconvenient to credit card users, who must often get cards reissued, set up recurring payments again, and review their statements extra-carefully to check their cards weren't used by thieves.
The leak adds further danger to merchants who accept credit cards, as it opens up new attack options for fraudsters: a wider range of identities that can be stolen, and used to order goods and services, which merchants will end up paying for in losses, chargebacks and fees.