UPDATED 13:09 EDT / SEPTEMBER 09 2014

Fool me twice: Malware used in Target attack catches Home Depot off guard nearly a year later

The latest major cyberattack on a top U.S. retailer employed a variant of the malware that hackers used to break into the network of Target Corp. last December, according to influential security blogger Brian Krebs. The holiday season heist saw the assailants take off with sensitive personal information belonging to approximately 70 million customers of the Minneapolis-based discount chain, making the breach one of the biggest in recent years.

No official figures have been disclosed for the most recent incident, but outsiders say there are clear signs that it is similar in scope to the Target hack. Krebs wrote on his blog that the ZIP codes included in a massive trove of financial data recently put up for sale on underground cybercrime shop Rescator map out to Home Depot Inc.’s 2,000-plus locations with more than 99.4 percent accuracy. Rescator is the same website where the credit card numbers obtained in the Target attack first showed up.

The results have been corroborated with a number of other parties, he noted, including International Computer Science Institute (ICSI) researcher Nicholas Weaver. Krebs offered more details on the incident in a follow-up post published over the weekend, citing “sources close to the investigation” into the breach as saying that the attack on Home Depot utilized a variant of malware to bypass the home improvement chain’s defenses.

Like the original version, the malware employed a RAM scraper to lift credit card numbers from the memory of Windows point-of-sale systems before they could be encrypted. The underlying technology was around long before either attack, and Visa Inc. even issued warnings to major retailers that RAM scraping may be used against them in the months leading up to the Target breach. But those warnings evidently weren’t uniformly heeded.

Krebs wrote that “clues buried within this newer version” suggest it took several months for the hardware chain to pick up on the breach, speculation Home Depot CEO Frank Blake confirmed in a statement this morning. He revealed the hackers first gained access to company systems in April but he didn’t divulge any other specifics.

Target came under criticism at the time for not revealing enough information about the scope of the attack. It initially stated that 40 million customers were compromised, then raised the number to 110 million before finally settling on the 70 million figure. Home Depot, in contrast, is apparently trying to keep a tight lid on the investigation until the full picture emerges. But details of the breach are already starting to leak out. The New York Times cited an anonymous insider as saying that the number of credit card numbers stolen from the company could top 60 million.
