(Reuters) - Home Depot Inc (HD.N) said on Thursday that data could have been stolen from 56 million payment cards by criminals who used malware from April to September to hack into its systems at stores in the United States and Canada.
The world's largest home improvement chain said the malware, which was custom-built to evade detection, has been removed from its U.S. and Canadian stores.
Home Depot started investigating the breach from Sept. 2 after security website Krebs on Security reported that all of the retailer's U.S. stores may have been affected by data theft.
"We apologise to our customers for the inconvenience and 'anxiety this has caused and want to reassure them that they will not be liable for fraudulent charges," Home Depot's chairman and chief executive officer, Frank Blake, said in a statement.
The company said it estimates costs related to the data breach, including providing credit monitoring services to its customers, increasing call centre staffing, and the cost of legal and professional services, at $62 million (37.69 million pounds), partially offset by reimbursable costs and insurance coverage totalling $27 million.
It said there could be other costs related to probable losses from the breach.
Reporting by Nandita Bose in Chicago and Shailaja Sharma in Bangalore; Editing by Leslie Adler