According to reports, the latest breach is assumed to be much larger than the December 2013 breach at Target stores, where hackers stole around 40 million card numbers.
The breach that could have happened between April and September and might have affected 2,200 US stores, came to light only on 2 September. The retailer confirmed that on 8 September.
According to Home Depot’s security partners Symantec and FishNet Security, criminals used customized malware to avoid being detected and it was also not seen previously in other attacks.
Meanwhile, the company said in a statement: "The malware used in its recent breach has been eliminated from its US and Canadian networks.
"The company also has completed a major payment security project that provides enhanced encryption of payment data at point of sale in the company’s US stores, offering significant new protection for customers."
In the wake of the incident, the retailer has already rolled out enhanced encryption of payment data at all its US stores and is issuing the same at its Canadian stores. It is expected to be complete by early 2015.