Home Depot breachHome improvement chain Home Depot has confirmed today that it has suffered a security breach with the payment data systems in its retail stores. This breach started in April 2014 and lasted up until August. Customers who paid with a credit or debit card in stores in the U.S. and Canada during this time period may be affected. On the bright side, if you shopped online or in Mexico, you are safe.

When did Home Depot first learn of the breach?

The company first announced on September 2, 2014, that it was investigating a possible breach. Around the same time, credit cards with zip codes matching up with Home Depot stores were found for sale on a Russian black market website that sold many of the cards stolen in Target’s 2013 breach. We don’t know all the details yet, but according to security expert Brian Krebs, the malware used in this attack is similar to what was used in the Target attack.

What is Home Depot doing to fix this?

Following the response pattern set by other retailers in the wake of a security breach, Home Depot is offering its customers free identity theft protection. The company is partnering with AllClear ID to offer its AllClear ID PRO protection program to all customers who shopped at Home Depot between April and September. To take advantage of this offer, all you have to do is visit the AllClear ID website and provide your name and email address. Information on how to get set up with the year of service will be emailed to you at the address provided. Even though it is free for you, AllClear ID may not be the best identity theft protection service out there. We encourage you to read our identity theft reviews to see what the top-rated services can offer in the wake of this and other data breaches.

How can I protect myself during this Home Depot breach?

If you are concerned that your payment card may have been compromised, you have options! The steps below will help keep you safe whether your card data was stolen or not. It’s better to be safe than sorry, right?

1. Request a new card from your card issuer. Thousands of stolen cards are already on sale on the black market. At this point, if you shopped at Home Depot during the time period of the breach, it would be wise to request a new card. It might a bit of a pain to do, but the risk of fraudulent charges being placed on your card is removed if that information is no longer valid. Some card companies might be reluctant to send a new card if you haven’t had any fraudulent activity, but you may be able to convince them with a little persistence.

2. Watch out for phishing attempts. Unfortunately, scammers and thieves enjoy taking advantage of bad situations like this and make them worse. Be wary of suspicious phone calls or emails offering identity theft protection. AllClear ID and Home Depot have stated they will not be sending emails or calling customers. If you receive a fishy phone call, don’t give out any of your information. Also avoid clicking links in any emails you receive. Instead, you should always go directly to the company’s website itself to get more information.

3. Carefully monitor your card statements. This is a big one, and it can make the difference between catching fraud early or too late. Since this particular breach went unnoticed for such a long period of time, it is a good idea to get a copy of your statements dating back to April and look through them carefully. Follow up on any charges that seem unfamiliar — even small ones under $10. Thieves who purchased stolen card data from the 2013 Target breach tested to see if the cards were still valid by placing a $9.84 charge. Fraudsters do this in hopes that the card owners won’t notice such a small amount among their other charges. Notify your card company or bank immediately if you see anything amiss.

Home Depot has assured customers that they will not be responsible for any fraudulent charges that result from this breach. Although the company’s efforts are commendable, it is important for consumers to be proactive in protecting themselves when a breach like this has happened. Following the steps above and using a reputable identity theft protection service are some of the best ways to ensure you can rest easy.