Home Depot’s data breach, which put about 56 million payment cards at risk, has fed fraudulent transactions that in some cases have drained money from customer bank accounts, the Wall Street Journal reported.

Stolen information on credit and debit cards has been used to buy prepaid cards, electronics and groceries, the newspaper reported yesterday, citing unidentified people familiar with the attack’s fallout.

The amount and types of fraud are about the same as in other big breaches, the publication cited the people as saying.

Home Depot, the world's largest home-improvement chain, announced it was looking into "suspicious activity" on Sept. 2, the day it learned from banks and law enforcement that criminals may have obtained data.

The retailer released an estimate for affected cards last week, saying hackers’ software may have infected its systems from April to this month and that it expects to pay about $62 million this year to deal with the incursion, with some covered by insurance.

“There is no evidence that debit PIN numbers were compromised,” the Atlanta-based company said.

Financial institutions often are first to detect hacks at retailers by tracing increased fraud tied to cards used at a common source. Bank investigators have spotted card information being fenced on black market websites, according to the security blogger Brian Krebs, who first reported the breach.

Criminals sometimes buy numbers, then manufacture fake cards they use to purchase gift cards and goods that can be resold. Breaches can be especially burdensome for small banks as they cover fraud costs and reissue cards, said Viveca Ware, who handles regulatory policy at the Independent Community Bankers of America trade group in Washington.

“We’re not happy that our institutions continue to incur costs related to breaches that they’re not responsible for,” she said. “We’d like to see a more efficient and timely restitution process.”

Bloomberg