The Latest: Equifax Data Breach

Warning: Home Depot data leak exposes thousands of customers’ personal information

|
Warning: Home Depot data leak exposes thousands of customers’ personal information
Image Credit: Dreamstime
Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
Advertisement

A spread sheet listing about 8,000 customers, along with their transaction and a range of personal information, was posted for an unknown amount of time on The Home Depot official website.

No financial data was part of the list, unlike the 2014 data breach in which hackers installed software that provided them with personal and financial information for 56 million Home Depot customers.

“This recent cache of customer data that was exposed on HomeDepot.com is of a different type and scale than what was harvested during Home Depot’s breach of 2014,” wrote the Comsumerist, a part of the Consumer Reports organization. “While the spreadsheets contained no credit card data, bank account information, or Social Security numbers — which are considered legally protected data — the level of transaction detail was extensive.”

Company spokesman Stephen Holmes said the information was taken down just as soon as it was discovered, although he wasn’t sure exactly when that occurred. “That happened a while ago,” he said.

Read more: UPS & FedEx warning: Beware of deliveries you didn’t order!

Home Depot data breach: Customers’ private info exposed online

The information was posted online through a combination of technical glitch and human error, Holmes said.

The lists in this case were hosted under the Home Depot web domain so they were accessible to the public. However, they would be seen only by someone who knew where to look.

Still, the fact that any customer data was listed on the web is a problem that “raises a variety of questions,” the Consumerist wrote. “For instance: How frequently does this sort of thing happen? Do companies have any obligation to tell consumers if their data is exposed this way? And perhaps most important for the people whose names and information was listed in these documents: Just how potentially damaging could this data be if it fell into the wrong hands?”

Home Depot spokesman Holmes said there has been no indication thus far that anyone retrieved and misused the information.

Read more: Dangerous new ATM scam could empty your account

Brian Krebs, a cybersecurity expert who runs KrebsOnSecurity.com, told the Comsumerist that data such as names, addresses and customer service details could be used for “pretexting,” a scam in which crooks use the info to convince someone that they have a pre-existing relationship – and then uses that to get the more valuable information — like bank account and credit card info.

Krebs broke the story of Home Depot’s breach in 2014.

Customers who wanted to see if their information was in those spreadsheets can check by calling Home Depot’s main customer service line: 800-466-3337.

“We have 1.5 billion transaction a year, so the chances that somebody calls at random and they are on the list are pretty small,” Holmes said. “But if a customer calls, we’ll tell him if his information was there.”

Your iCloud account could be vulnerable to hackers!

Advertisement
Author placeholder image About the author:
  • Show Comments Hide Comments