On Sept. 1 last year, the website Rescator, known as the “Amazon.com of the black market,” alerted its customers that huge quantities of stolen debit and credit card data would go on sale the next day.

“Load your accounts and prepare for an avalanche of cash!” the website urged.

The next day, two batches of cardholder data were reportedly sold, according to legal documents. The website claimed the cards were 100 percent valid and working. Demand was so high that the website temporarily crashed. Over the next few days, several more batches of card data were sold.

On Sept. 8, Home Depot issued a news release admitting its data systems had been breached.

By then, the damage had been done. Approximately 56 million sets of card data had been stolen, some of which were sold on the black market and remained valid for several days. At a small credit union in California, fraudulent charges of more than $100,000 were posted in just three minutes after the card information was sold on the black market. A bank reported $300,000 in suspicious charges in two hours to the security blog Krebs on Security, which connected Home Depot with the stolen cards before the retailer did.

“With the Home Depot data breach, we weren’t even told for days that it existed. That it had happened,” said Diana Dykstra, the chief executive of the California and Nevada Credit Union Leagues. “We didn’t know that the cards had been sold on the black market. It hit credit unions and small banks really hard.”