53 million email addresses stolen in Home Depot breach

53 million email addresses stolen in Home Depot breach

Home Depot logo and email iconIn addition to the 56 million credit cards exposed in the recent breach at Home Depot, investigators have now revealed that more than 53 million email addresses were stolen too.

The company, which confirmed the breach of its payment data systems in September, said that a joint investigation by its own staff, law enforcement and third-party IT experts had discovered that separate files containing emails had been stolen but that no passwords, personal information or additional payment card information had been compromised.

A statement released by the company detailed how the breach was accomplished.

Much like Target where 40 million payment cards and 70 million other personal records were compromised, the attack was initiated via a third party whose login credentials had been compromised.

That level of access was insufficient to access Home Depot’s payment systems directly but it did allow the hackers to gain a foothold within the network from where they were able to acquire elevated rights and deploy custom malware on its self-checkout systems in the US and Canada.

Home Depot said it has now blocked the hackers’ point of entry and removed all traces of their malware from its systems.

It has also implemented new security measures including “enhanced encryption” of payment data within all of its US outlets, though some Canadian stores will have to wait until early 2015 to receive the same level of additional protection.

Home Depot also revealed that chip-and-PIN technology is being rolled out to all of its stores.

Canadian customers are already accustomed to the additional protection afforded by chip-and-PIN as it has been in use since 2011 but stores in the US are still being upgraded to the new system which the company says will be fully in place before “the payment industry’s deadline.”

Despite the breach, Home Depot said that it still expects to achieve 4.8% sales growth and diluted earnings per share of $4.54, an increase of over 20% year on year. Those figures, it said, took account of the estimated $62 million in costs associated with the breach, including the provision of free credit monitoring and identity theft protection services to its customers, as well as the likely costs of the investigation and additional call centre staffing expenses.

Though Home Depot appears to have weathered the storm better than some may have expected, it has warned its customers in the US and Canada to be on the lookout for phishing scams following the theft of email addresses.

You should always think before you click on links or open attachments in unsolicited emails. Here are some tips to avoid getting caught out.

Be wary of any emails that appear to have come from Home Depot, or anywhere else for that matter, as the consequences of not doing so can be severe in terms of stolen personal information, damaged finances or even identity theft.