Home Depot says about 53 million email addresses stolen in breach

Thu Nov 6, 2014 11:55pm EST
 
Email This Article |
Share This Article
  • Facebook
  • LinkedIn
  • Twitter
| Print This Article | Single Page
[-] Text [+]

By Devika Krishna Kumar

(Reuters) - Home Depot Inc, the world's largest home improvement chain, said hackers stole about 53 million email addresses in addition to customer data for 56 million payment cards previously disclosed by the retailer.

The company, which confirmed the breach in September, said the files that contained the email addresses did not include passwords, payment card information or other sensitive personal information.

Home Depot, which had estimated that the theft would cost about $62 million, was one of a string of U.S. retailers attacked by hackers over the past year.

Criminals used a third-party vendor's user name and password to enter the perimeter of its network, Home Depot said in a statement on Thursday.

The hackers then acquired "elevated rights" that allowed them to navigate parts of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada, according to the company.

Home Depot said the stolen credentials did not alone provide direct access to the company's point-of-sale devices.

Since September, the company has implemented enhanced encryption of payment data in all U.S. stores and said the rollout to Canadian stores will be completed by early 2015.

This, however, was "really lipstick on a pig" and the proper solution was to add chip and PIN, or EMV technology, to U.S. credit cards, said David Campbell, chief security officer at SendGrid, a cloud-based email delivery service.   Continued...

 
A Home Depot location is seen in Evanston, Illinois, May 19, 2014. REUTERS/Jim Young