More bad news for Home Depot. Almost two months after revealing details of a security that involved the theft of information linked to 56 million customer payment cards, the company said Thursday it’s now discovered the incident was more damaging than first thought, as 53 million email addresses belonging to its customers were also taken.
The company insisted the stolen files did not contain passwords or other sensitive personal information, and said it would be contacting affected customers, all of whom are located in the US and Canada.
However, it warned those who’ve shopped at its stores to be on the lookout for phishing scams, which attempt to trick people into providing personal information via fake emails.
The retail giant said that its investigation showed that cybercriminals had gained access to the perimeter of Home Depot’s computer network through the use of a third-party vendor’s username and password.
“The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the US and Canada,” the company explained in a news release.
Home Depot discovered the security breach in September. Its research revealed that cybercriminals had been harvesting customer-related data from in-store point-of-sale systems from April this year until the start of September.
When the breach was uncovered, Home Depot CEO Frank Blake apologized to customers, at the same time reassuring them that they wouldn’t be liable for any fraudulent charges.
But Home Depot isn’t the only company affected by this malware – the Department of Homeland Security said recently that up to a thousand US companies and organizations could have the same malicious software – or variants of it – on their computer systems without realizing, and recommended that all businesses which use such systems to run thorough checks.
Home Depot’s breach is even bigger than the one that hit Target last year involving 40 million credit and debit cards. And other big names have been hit recently, too, including The UPS Store, Michaels, SuperValu, and PF Chang’s restaurants.
- 500px reveals almost 15 million users are caught up in security breach
- Marriott suffers a massive breach of its guest records. Here’s how to protect yourself
- Data breach compromises 773 million records, 21 million passwords
- After fourth attack, hacker puts personal records of 26M people up for sale
- What is phishing? Here’s everything you need to know