Home Depot BreachThe massive data breach at Home Depot is being followed by a spike in fraudulent withdrawals from ATMs, as reported by Brian Krebs, tech blogger extraordinaire.

Stolen debit card data is being used to create counterfeit cards — and “multiple financial institutions” report that thieves are able to change the PIN numbers, allowing criminals access to bank accounts, Krebs wrote Monday.

Krebs is a former Washington Post reporter who broke the news of the Target data breach last year and the Home Depot one last week.

On Monday, Home Depot confirmed that thieves had broken into its payment-card system, starting in April and continuing at least until August. The breach appears to have affected more than 2,000 Home Depot stores across the United States and Canada.

Cybercriminals appear to have stolen millions of card numbers, customers’ names and other information from Home Depot shoppers. Home Depot said Monday “there is no evidence that debit PIN numbers were compromised” in the breach.

Home Depot didn’t reveal how many customers had their card-data stolen, but some experts believe it’s even larger than the 40 million cards stolen in the two-week holiday season Target breach last year.

The U.S. Department of Homeland Security estimates that payment networks are so badly compromised that more than 1,000 U.S. merchants large and small have been hit with security breaches in the past year.