Home Depot: Cybercriminals also stole 53m email addresses in recent attack

More bad news for Home Depot. Almost two months after revealing details of a security breach that involved the theft of information linked to 56 million customer payment cards, the company said Thursday it has now discovered the incident was more damaging than first thought, as 53 million email addresses belonging to its customers were also taken.

The company insisted the stolen files did not contain passwords or other sensitive personal information, and said it would be contacting affected customers, all of whom are located in the US and Canada.

However, it warned those who’ve shopped at its stores to be on the lookout for phishing scams, which attempt to trick people into providing personal information via fake emails.

The retail giant said that its investigation showed that cybercriminals had gained access to the perimeter of Home Depot’s computer network through the use of a third-party vendor’s username and password.

“The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the US and Canada,” the company explained in a news release.

Apology

Home Depot discovered the security breach in September. Its research revealed that cybercriminals had been harvesting customer-related data from in-store point-of-sale systems from April this year until the start of September.

When the breach was uncovered, Home Depot CEO Frank Blake apologized to customers, at the same time reassuring them that they wouldn’t be liable for any fraudulent charges.

Others hit

But Home Depot isn’t the only company affected by this malware. The Department of Homeland Security said recently that up to a thousand US companies and organizations could have the same malicious software, or variants of it, on their computer systems without realizing, and recommended that all businesses which use such systems run thorough checks.

Home Depot’s breach is even bigger than the one that hit Target last year involving 40 million credit and debit cards. And other big names have been hit recently, too, including The UPS Store, Michaels, SuperValu, and PF Chang’s restaurants.
