Info on Home Depot customers exposed (but no financial data)


 A spread sheet listing about 8,000 customers, along with their transaction and a range of personal information, was posted for an unknown amount of time, on a Home Depot web site.

No financial data was part of the list, which did not compare with the 2014 data breach in which hackers installed software that provided them with personal and financial information for 56 million Home Depot customers. 

“This recent cache of customer data that was exposed on HomeDepot.com is of a different type and scale than what was harvested during Home Depot’s breach of 2014,” wrote the Consumerist, a part of the Consumer Reports organization. “While the spreadsheets contained no credit card data, bank account information, or Social Security numbers—which are considered legally protected data—the level of transaction detail was extensive.”

Company spokesman Stephen Holmes said the information was taken down just as soon as it was discovered, although he wasn’t sure exactly when that occurred. “That happened a while ago,” he said.

The information was posted online through a combination of technical glitch and human error, Holmes said.

The lists in this case were hosted under the Home Depot web domain so they were accessible to the public. However, they would be seen only by someone who knew where to look.

Still, the fact that any customer data was listed on the web is a problem that “raises a variety of questions,” the Consumerist wrote. “For instance: How frequently does this sort of thing happen? Do companies have any obligation to tell consumers if their data is exposed this way? And perhaps most important for the people whose names and information was listed in these documents: Just how potentially damaging could this data be if it fell into the wrong hands?”

Home Depot spokesman Holmes said there has been no indication thus far that anyone retrieved and misused the information. 

Brian Krebs, a cybersecurity expert who runs KrebsOnSecurity.comtold the Consumerist that data such as names, addresses and customer service details could be used for “pretexting,” a scam in which the scammer convinces the that they have a pre-existing relationship – and then uses that to get valuable information. 

Krebs broke the story of Home Depot’s breach in 2014.

Customers who wanted to see if their information was in those spreadsheets can check by calling Home Depot’s main customer service line: 800-466-3337.

“We have 1.5 billion transaction a year, so the chances that somebody calls at random and they are on the list are pretty small,” Holmes said. “But if a customer calls, we’ll tell him if his information was there.”

 

 

 


Reader Comments ...


Next Up in Business

Atlanta-based Home Depot hits $100 billion in sales
Atlanta-based Home Depot hits $100 billion in sales

Home Depot sales have grown more than twice as fast as the nation’s economy, a pace that will continue through this year, the company predicted Tuesday. Although the massive Atlanta-based company opened just six new stores during the past year, growth of sales surged 6.7 percent from the previous fiscal year to break the $100 billion barrier...
Put that pen down: Why baby boomers should not co-sign college loans 
Put that pen down: Why baby boomers should not co-sign college loans 

We all know that young people should show respect for their elders. In return, those elders should extend all their resources to the up-and-coming generation. Right? Not so fast, says the Motley Fool. When it comes to co-signing for college loans, parents and grandparents in the Baby Boom generation (born 1946 to 1964) should just say no...
More lactation pods added at Hartsfield-Jackson
More lactation pods added at Hartsfield-Jackson
The world’s busiest airport now has lactation pods for nursing mothers at six different locations. The company that designs the lactation pods, Mamava, opened four of the units at Hartsfield-Jackson International Airport in 2016, free to use and paid for with advertising.  Now, Mamava has added two more locations in the Atlanta airport and...
Audit finds red flags in Hartsfield-Jackson contracting
Audit finds red flags in Hartsfield-Jackson contracting

A city audit found red flags in contracting for construction projects in Hartsfield-Jackson International Airport’s $6 billion expansion, indicating an “elevated risk of fraud.” The audit found errors in the contracting process — including errors that may have affected the outcome of a contract award — as well...
Meet Janice Bryant Howroyd, the first African-American woman to run a $1 billion business
Meet Janice Bryant Howroyd, the first African-American woman to run a $1 billion business

Janice Bryant Howroyd, 65, is founder and chief executive of Act 1 Group, an employment agency that also provides consulting and business services, including background checks and screening. She’s the first African-American woman to operate a company that generates more than $1 billion in annual revenue, according to Black Enterprise Magazine...
More Stories