Info on Home Depot customers exposed (but no financial data)


 A spread sheet listing about 8,000 customers, along with their transaction and a range of personal information, was posted for an unknown amount of time, on a Home Depot web site.

No financial data was part of the list, which did not compare with the 2014 data breach in which hackers installed software that provided them with personal and financial information for 56 million Home Depot customers. 

“This recent cache of customer data that was exposed on HomeDepot.com is of a different type and scale than what was harvested during Home Depot’s breach of 2014,” wrote the Consumerist, a part of the Consumer Reports organization. “While the spreadsheets contained no credit card data, bank account information, or Social Security numbers—which are considered legally protected data—the level of transaction detail was extensive.”

Company spokesman Stephen Holmes said the information was taken down just as soon as it was discovered, although he wasn’t sure exactly when that occurred. “That happened a while ago,” he said.

The information was posted online through a combination of technical glitch and human error, Holmes said.

The lists in this case were hosted under the Home Depot web domain so they were accessible to the public. However, they would be seen only by someone who knew where to look.

Still, the fact that any customer data was listed on the web is a problem that “raises a variety of questions,” the Consumerist wrote. “For instance: How frequently does this sort of thing happen? Do companies have any obligation to tell consumers if their data is exposed this way? And perhaps most important for the people whose names and information was listed in these documents: Just how potentially damaging could this data be if it fell into the wrong hands?”

Home Depot spokesman Holmes said there has been no indication thus far that anyone retrieved and misused the information. 

Brian Krebs, a cybersecurity expert who runs KrebsOnSecurity.comtold the Consumerist that data such as names, addresses and customer service details could be used for “pretexting,” a scam in which the scammer convinces the that they have a pre-existing relationship – and then uses that to get valuable information. 

Krebs broke the story of Home Depot’s breach in 2014.

Customers who wanted to see if their information was in those spreadsheets can check by calling Home Depot’s main customer service line: 800-466-3337.

“We have 1.5 billion transaction a year, so the chances that somebody calls at random and they are on the list are pretty small,” Holmes said. “But if a customer calls, we’ll tell him if his information was there.”

 

 

 


Reader Comments ...


Next Up in Business

Delta pushes for anonymity in second airport opposition
Delta pushes for anonymity in second airport opposition

In the protracted fight over creating metro Atlanta’s second commercial airport in Paulding County, supporters of the idea have long alleged that Delta Air Lines is funding lawsuits filed by residents challenging that effort. Delta says it’s no secret that it opposes the commercialization of the Paulding airport, 38 miles northwest...
Atlanta-based SunTrust says data on 1.5 million customers tapped
Atlanta-based SunTrust says data on 1.5 million customers tapped

Atlanta-based SunTrust on Friday said it feared that a now-former employee had wrongly accessed basic information about 1.5 million customers. The company became aware in late February that the person – an employee at the time – had access to confidential information including names, addresses, phone numbers and some account balances. However...
Delta adding more inspections of its Boeing 737 engines
Delta adding more inspections of its Boeing 737 engines

In the wake of the Southwest Airlines engine failure that left one woman dead, Delta Air Lines said it is adding more inspections of those engines in its fleet. Atlanta-based Delta’s entire Boeing 737 fleet has the same type of engines that were in the Southwest plane that blew an engine Tuesday. The CFM56-7B engine that blew on the Southwest...
Former FAA administrator joins Delta board of directors
Former FAA administrator joins Delta board of directors

Michael Huerta, the former administrator of the Federal Aviation Administration is joining Delta Air Lines’ board of directors.  Huerta served a five-year term as FAA administrator after being nominated to the position by President Barack Obama and sworn into office in January 2013. He stepped down at the completion of his term...
Georgia loses jobs in March, but unemployment rate steady
Georgia loses jobs in March, but unemployment rate steady

After two strong months, Georgia’s economy lost jobs in March. The number of jobs dropped by 7,400 during the month after adding 9,200 in January and 18,300 in February. The unemployment rate, which is calculated from a different, less extensive survey, held steady at 4.4 percent, according to a report issued Thursday by the Georgia Department...
More Stories