NEW YORK ( TheStreet) -- A possible data breach at Home Depot ( HD) may have been much bigger than the one at Target ( TGT) last year, according to security expert Brian Krebs, with malware infecting terminals at all of Home Depot's stores and data offered for sale that included stores' zip codes.
After learning of a possible breach from banks, Krebs found stolen numbers at a site called Rescator that had also offered stolen numbers from previous breaches, including the one at Target. He matched the zip codes in card numbers flagged by the banks to a list of Home Depot locations and got a 99.4% overlap.
>>Read More: 8 Stocks George Soros Is Buying in 2014
Home Depot said in a statement sent to TheStreet that it has been working on reports of a breach since Tuesday and that it has "no higher priority" than gathering the facts in the case. It said customers will not be held liable for fraudulent charges. The company, though, hasn't confirmed a breach. It is investigating whether a breach has occurred.
On Tuesday morning, Home Depot shares traded as high as $92.75. Since then, the shares have fallen to Thursday's morning's opening price of $89. The stock was recently trading at $89.93, up 1%.
The breach that hit Target last year cost an estimated $148 million, and the company's CEO and head of security lost their jobs. The stock has not recovered to its pre-breach price.