Home Depot said Thursday the data breach of its systems affected as many as 56 million customer payment cards between April and September.
"Criminals used unique, custom-built malware to evade detection," the home improvement retail giant said in a statement.
"The malware had not been seen previously in other attacks, according to Home Depot's security partners. The cyber-attack is estimated to have put payment card information at risk for approximately 56 million unique payment cards."
The incident could be one of the largest data breaches on record and follows a similar case involving Target, which disclosed last December that hackers gained access to credit card data for 40 million customers and to additional personal and identification information for 70 million others.
Home Depot said the matter is still under investigation, and that it has now eliminated the malware from its systems.
"To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements," the statement said.
"The hackers' method of entry has been closed off, the malware has been eliminated from the company's systems, and the company has rolled out enhanced encryption of payment data to all US stores."
Computer security researcher Brian Krebs broke the news this month that hackers had put on sale stolen credit and debit cards that apparently came from the retailer.
Krebs reported that Home Depot had been hit by a variant of the same malware that infected retail giant Target.
The retailer has offered free identity protection services to any customer who used a payment card at a Home Depot store from April of 2014.
Home Depot calls itself the world's largest home improvement retailer, with 2,265 retail stores in the US, Canada and Mexico. It had annual sales last year of $78.8 billion.