Home Depot notified customers Saturday that their records had been hacked. In an email to consumers, Home Depot wrote:
Dear Valued Customer,
The Home Depot has discovered that a file containing your email address may have been taken during the payment card breach we announced in September. The file contained email addresses, but it did not contain passwords, payment card information, or other sensitive personal information. We apologize for this incident and for the inconvenience and frustration this may cause you.
In all likelihood this event will not impact you, but we recommend that you be on the alert for phony emails requesting personal or sensitive information. If you have any questions or would like additional information on how to protect yourself from email scams, please visit our website or call 1-800-HOMEDEPOT.
Again, we apologize for the frustration and inconvenience this incident may have caused. Thank you for your continued support.
The Home Depot
The cyber attack, which was reported earlier this year, was worse than originally thought and may affect as many as 53 million customer. This is the latest in high profile retailers who have faced online hackers breaking into customers’ information.
Tech reporter Mariella Moon with Engadget explained how the latest breach occurred:
Apparently, the high-tech thieves got a hold of a refrigeration contractor’s log-in credentials, which granted them entry into Home Depot’s computers. From there, they managed to worm their way into point-of-sale systems, mostly the self-checkout lanes, by taking advantage of a Windows vulnerability. That’s where they installed malware to harvest personal data: malware that remained undetected until the hackers got bolder and sold the victims’ credit card info during Labor Day this year. Both Microsoft and Home Depot claim they’ve already patched the holes in their system. The retailer said it’s also added tough encryption to customers’ payment data and that it plans to transition to chip-and-PIN technology in the near future.
One commenter to the Engadget article stated that this was the third credit card this year he has had to replace. Sadly, it may not be the last.
USA Today reported the email breach is in addition to hackers hitting credit and debit cards:
The company had announced in September that the massive data breach allowed criminals to harvest information from 56 million credit and debit cards in the United States and Canada.
The latest revelations Thursday arose from the company’s investigation. Another 53 million e-mail addresses were added to the list of compromised data.