Share story

SAN FRANCISCO — There are two tracks to finding the identity of a company that has been hit by cybercriminals. Both of them involve going backward.

Over the past few days, thousands of fresh credit- and debit-card numbers have surfaced on so-called carding sites, which are websites where stolen credit-card data is sold. On those sites, Eastern European hackers are selling the stolen account information of people in cities as distant as Mission Viejo, Calif., and Hanover, N.H. They are charging as much as $50 per card.

Bank employees, computer-security companies and police are tracing the path taken by the stolen cards. So far, all roads point back to Home Depot. And if the evidence uncovered so far proves to be valid, the hack could top the record-setting breach of Target’s network in December.

Investigators are searching for what they call “a common point of purchase” among the cards.

This week, save 90% on digital access.

Bank employees are able to identify stolen cards simply by examining the first six digits of the card, which are known as the Bank Identification Number, or BIN. They are buying back card numbers and cross-referencing the transactions of those cards in search of one common retailer.

On Wednesday, Brian Krebs, the security blogger who first reported the potential breach of Home Depot, said that there was a 99.4 percent overlap between ZIP codes listed in a collection of stolen account numbers on an Eastern European carding site, called Rescator, and Home Depot’s store locations.

That means the breach could affect most of the retailer’s 2,200 stores, which is about 400 more than the Target breach.

Home Depot, based in Atlanta, has not confirmed that it was the victim of a cyberattack, only that it was investigating “unusual activity.”

Custom-curated news highlights, delivered weekday mornings.