CHINA TOPIX

12/22/2024 03:05:31 pm

Make CT Your Homepage

Home Depot Warns Customers vs Phishing after Hackers Steal 53M Email Addresses

Electronic payment station is shown at a Home Depot store in Daly City, California

(Photo : REUTERS/BECK DIEFENBACH/FILES) Electronic payment station is shown at a Home Depot store in Daly City, California

Besides recently losing 56 million credit/debit cards to thieves, Home Depot's website was also hacked in which 53 million email addresses of customers from its payment data systems were stolen. This latest incident makes it the largest retail credit card breach on record.

Having both the credit card numbers and the matching email addresses open the door for criminal syndicates to engage in phishing, Home Depot warned on Thursday. The breach would cost the retailer about $62 million, reports MSN.

Like Us on Facebook

Home Depot said the hack could be felt in the retailer's financial results for fiscal 2014's fourth quarter.


Home Depot confirmed in September the loss of the credit cards, but said then that filched items did not contain email addresses, passwords, payment card data and other vital personal information. The world's biggest home improvement chain said that the theft was done using a third-party vendor's user name and password to gain entry to its network.

This was followed by the hackers' acquisition of elevated rights that permitted them to go through the different part of the retailer's network and "deploy unique, custom-built malware on its self-checkout systems in Canada and the U.S."

While the September theft resulted in Home Depot using enhanced encryption systems covering all its payment data in U.S. store and the Canada rollout scheduled for completion by 2015, a security expert pointed out that Home Depot's initiative was not enough. It should have added chips and PINs or EMV technology to its credit cards in the U.S., said SendGrid Chief Security Officer David Campbell. SendGrid is a cloud-based email delivery service.

Hackers had previously hit Target in 2013 when they stole payment card numbers of at least 40 million accounts and 70 million other customer data. Target, however, has learned its lessons and put in place measures to address the segmentation problems. But Home Depot apparently didn't learn from the first incident out of the mistaken belief that the problem was not with its network design.

Then Home Depot Chief Executive Frank Blake admitted to The Wall Street Journal in October, "If we rewind the tape, our security systems could have been better ... Data security just wasn't high enough in our mission statement."

Blake, who had retired as CEO but remains chair of the retail chain's board of directors, added, "The irony was not lost on us .... We believed we were doing things ahead of the industry. We thought we were well-positioned."

Real Time Analytics