Home Depot confirmed on Monday that its payment systems have been breached, and says the hack could affect customers who used credit and debit cards at its more than 2,000 U.S. and Canadian stores.

The largest U.S. home improvement chain says it has not found evidence that debit card PINs were compromised, and that online customers or shoppers at stores in Mexico are affected. The company did not say how many cards might be affected, said its investigation goes as far back as April. It disclosed a potential breach on Tuesday.

As of Feb. 2, Home Depot Inc. had almost 2,000 locations in the U.S. and 180 in Canada with about 100 more stores in Mexico. On the news, Home Depot shares fell 57 cents to $90.25 in aftermarket trading.

The home improvement chain is the latest retailer to have a data breach. Others include Target, grocer Supervalu, restaurant chain P.F. Chang’s and the thrift store operations of Goodwill. The breaches have rattled shoppers’ confidence in the security of their personal data.

In December, Target Corp. disclosed a massive data breach that resulted in the theft of 40 million debit and credit card numbers and the potential exposure of personal information of up to 70 million shoppers.

Forrester Research analyst John Kindervag said the Home Depot breach could affect similar numbers of shoppers or cards, noting that months’ worth of data may have been compromised.

“From what I’m hearing, people think this will be as big as Target or bigger,” he said in a telephone interview with The Associated Press.

Retailers, banks and card companies have responded to the breaches by increasing security by speeding the adoption of microchips in U.S. credit and debit cards. Home Depot plans to have chip-enabled checkout terminals at all of its U.S. stores by the end of this year.

The Atlanta company said its own IT department is looking into the breach and is working with outside firms, its banking partners, and the U.S. Secret Service. It added that customers will not be held responsible for fraudulent charges to their accounts.

The possible breach at Home Depot was first reported by Brian Krebs of Krebs on Security, a website that focuses on cybersecurity. Krebs said multiple banks reported “evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards” that went on sale on the black market earlier Tuesday.

Krebs said a preliminary analysis indicates the breach may have affected almost all of Home Depot’s U.S. stores.

The Target hack was described as the second-largest credit card breach in U.S. history and cost the company hundreds of millions of dollars in expenses as well as affecting its profit and sales.

Target’s chief information officer and CEO both stepped down in the months after the hack, and Kindervag noted that it remains to be seen how Home Depot will respond and how other businesses will deal with similar breaches in the future.

(AP)