How the Home Depot Credit-Card Breach Affects Small Contractors

Photograph by Andrew Harrer/Bloomberg

Home Depot confirmed on Sept. 8 what’s been reported since the beginning of the month: Hackers breached its computer systems earlier this year, leaving millions of customers potentially exposed to credit- and debit-card theft.

As in last year’s Target data breach, thieves appear to be selling stolen data on an online black market called Rescator. Following Target’s lead, Home Depot is offering free credit-monitoring services to customers who may have been affected—in this case, customers who have used a credit or debit card at its its U.S. or Canadian stores since April.

The hack may have disproportionately affected small business owners: Professional builders and contractors account for as much as 40 percent of Home Depot sales and 4 percent of the chain’s total customers, according to Drew Reading, an analyst for Bloomberg Intelligence. The New York Times reports that the number of card numbers stolen could top 60 million.

For business owners who use the company card to pay for materials at Home Depot, the playbook is much the same as for consumers, says Odysseas Papadimitriou, founder of the website CardHub. Check your statements for suspicious activity, call your credit-card company, and monitor your personal credit reports. Business credit cards are generally tied to the owner’s Social Security number, so fraudulent purchases should show up on a personal credit check.

Federal law, as with consumer cards, offers strong protections for business owners whose data has been pilfered. When card numbers are stolen but the owner still has possession of the plastic, the cardholder shouldn’t be liable for damages. The same is true for debit cards.

Monitoring for fraud is the cardholder’s responsibility. That can be trickier for business owners who have issued cards to multiple workers. “Maybe your policy was, you don’t check transactions for less than $5,000,” Papadimitriou says. “Now you want to check it.”

    Before it's here, it's on the Bloomberg Terminal. LEARN MORE