US home improvement chain Home Depot said Tuesday it was investigating a possible attempt to hack its computer systems that may have targeted customer data.
The company said it was working with law enforcement officials to determine if there was a breach, after computer security expert Brian Krebs reported that hackers had put on sale stolen credit and debit cards that apparently came from the chain.
"I can confirm that we're looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," Home Depot said in a statement.
"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately."
Krebs, on his KrebsonSecurity website, reported that a number of banks had said they saw evidence that Home Depot was the source of a "massive" batch of card data that was put up for sale early Tuesday on the Rescator website, which regularly offers stolen cards for sale.
He said the banks think the breach could go back to April or May.
"There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and PF Chang's, among others," Krebs said.
Krebs said the new batch of cards listed for sale on Rescator was labeled "American sanctions," which he said "can only be interpreted as intended retribution for US and European sanctions against Russia for its aggressive actions in Ukraine."