Home Depot HackHome Depot says it has now eliminated the malware used in a recent data breach at its U.S. and Canadian operations, and that the hackers put about 56 million payment cards at risk.

The home-improvement retailer announced that it has enhanced encryption of payment data at point of sale at its U.S. stores and will roll out a similar enhancement in Canada in early 2015 (sorry Canadians – you have to wait!). The malware was present between April and September of this year.

Former members of the company’s cybersecurity teams spoke to the New York Times, and said that The Home Depot was slow to respond to vulnerabilities, and shrugged off warnings that it would be easy prey for hackers. Former employees also said that the company used outdated security software, which led to some of them even warning friends to use cash instead of credit cards at Home Depot stores.

Then, in 2012, Home Depot hired a computer engineer to help oversee security at its 2,200 stores. But this year, as hacks struck other retailers, that engineer was sentenced to four years in prison for deliberately disabling computers at the company where he previously worked.

You can’t make this stuff up! ;-)

The company however says it still expects 2014 sales growth of about 4.8%, and raised its per-share earnings outlook to $4.54, up from earlier guidance of $4.52. Shares eased 0.2% in after-hours trade and are up 11.8% in the year to date, while the S&P 500 has gained 8.8%.