Home Depot may be the latest retailer to suffer a credit card data breach.
The Atlanta-based home improvement retailer told The Associated Press Tuesday that it's looking into "unusual activity" and that it's working with both banks and law enforcement.
"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," said Paula Drake, a spokeswoman at Home Depot, declining to elaborate. She noted that if the retailer confirms that a breach occurred, it will notify customers immediately.
Shares of Home Depot Inc. fell 2 percent to $90.91 in late trading.
Many retailers have had security walls broken in recent months, including Target, grocery store chain Supervalu, P.F. Chang's and the thrift store operations of Goodwill.
The rash of breaches has pushed retailers, banks and card companies to increase security by speeding the adoption of microchips into U.S. credit and debit cards.
The possible data breach at Home Depot was first reported by Brian Krebs of Krebs on Security, a website that focuses on cybersecurity. Krebs said multiple banks reported "evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards."
The Krebs report says that the responsible party may be the same group of Russian and Ukrainian hackers suspected in last year's massive breach at Target Corp.
Target, based in Minneapolis, has been overhauling its security department and systems and is accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores. In its massive data breach, 40 million credit and debit card accounts were compromised and hackers stole personal information from as many as 70 million customers. The breach hurt profits, sales and its reputation with shoppers.
At Supervalu, the data breach may have impacted as many as 200 of its grocery and liquor stores and potentially affected retail chains recently sold by the company in two dozen states. The breach occurred between June 22 and July 17, according to Supervalu.