[richardowright]

It seems to me like the breach may still be ongoing/the vulnerability may still exist. In the announcement, they use "have been" as in its actively occurring. Additionally, in the press release (http://ir.homedepot.com/phoenix.zhtml?c=63646&p=irol-newsArt...), they don't indicate that the breach has stopped; they only say they have taken aggressive action.

It seems unlikely that the attack would continue since the attackers have lost their cover, but the wording is a bit strange.

[heywire]

I also found it strange how they worded things around the identity protection, "from April on", rather than something like, "From April XX, 2014 until September XX, 2014". Perhaps they just simplified the wording to make it clear that they're providing protection, and I'm reading too far into things :)