Home Depot update: Breach could have affected 56 million cards

The Home Depot confirmed late Thursday afternoon that the malware that breached its payment systems was now erased, and that the breach is now thought to have affected as many as 56 million cards.

“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”

Home Depot also reported back on other specific findings of the investigation, which it conducted with the help of IT security firms, banking partners and the Secret Service.

One, the breach occurred through the use of custom-built malware, which was able to bypass normal security checks. This was unique malware that had never been used before in other attacks.

Additionally, the malware was reportedly active between April and September of 2014.

As part of its investigation and recovery effort, the retailer also wrapped up an initiative to enhance the encryption of payment data at point of sale throughout U.S. stores. Canadian locations will have the new systems up and running by early next year.

In the meantime, terminals infected with malware have been taken out of service, and the method of entry for the hackers was closed off.

For the time being, it does not seem as though any PIN numbers were compromised, or that the breach reached Mexico or any online customers.