View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 7, 2014

53m email addresses stolen in Home Depot data hack

Breach follows hacking of 56m debit and credit card details

By CBR Staff Writer

53 million email addresses have been stolen during the five-month data breach at US retail major Home Depot, in addition to the hacking of 56 million debit and credit card details previously disclosed.

The latest revelations follow a weeks-long probe into the hacking attack by the retailer, together with law enforcement officials.

While warning customers in US and Canada to be cautious about phishing scams, the retailer claims that the stolen files with email addresses did not have passwords, payment card data or other confidential personal data.

According to the US retailer, the hackers gained access to its network through a vendor’s user name and password and then stole data through malware on payment systems in the US and Canada.

Home Depot said in a statement: "The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the US and Canada."

"As previously disclosed, the malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot’s security partners.

"As the company announced on September 18, the hackers’ method of entry has been closed off and the malware has been eliminated from the company’s systems."

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Jason Hart, VP Cloud Solutions, SafeNet, commented: "This is yet another breach where hackers are not only targeting financial information, but personally identifiable information like email addresses that consumers hold dear. Security is only as strong as your weakest link and in this case it wasn’t even Home Depot but one of its vendors. Relying on simple passwords is a mistake. This massive breach reinforces why more companies need to implement multi-factor authentication not only for their own employees, but for third-parties that access their data and systems. Unfortunately, only a third of companies are doing this today."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.