Info on Home Depot customers exposed (but no financial data)


 A spread sheet listing about 8,000 customers, along with their transaction and a range of personal information, was posted for an unknown amount of time, on a Home Depot web site.

No financial data was part of the list, which did not compare with the 2014 data breach in which hackers installed software that provided them with personal and financial information for 56 million Home Depot customers. 

“This recent cache of customer data that was exposed on HomeDepot.com is of a different type and scale than what was harvested during Home Depot’s breach of 2014,” wrote the Consumerist, a part of the Consumer Reports organization. “While the spreadsheets contained no credit card data, bank account information, or Social Security numbers—which are considered legally protected data—the level of transaction detail was extensive.”

Company spokesman Stephen Holmes said the information was taken down just as soon as it was discovered, although he wasn’t sure exactly when that occurred. “That happened a while ago,” he said.

The information was posted online through a combination of technical glitch and human error, Holmes said.

The lists in this case were hosted under the Home Depot web domain so they were accessible to the public. However, they would be seen only by someone who knew where to look.

Still, the fact that any customer data was listed on the web is a problem that “raises a variety of questions,” the Consumerist wrote. “For instance: How frequently does this sort of thing happen? Do companies have any obligation to tell consumers if their data is exposed this way? And perhaps most important for the people whose names and information was listed in these documents: Just how potentially damaging could this data be if it fell into the wrong hands?”

Home Depot spokesman Holmes said there has been no indication thus far that anyone retrieved and misused the information. 

Brian Krebs, a cybersecurity expert who runs KrebsOnSecurity.comtold the Consumerist that data such as names, addresses and customer service details could be used for “pretexting,” a scam in which the scammer convinces the that they have a pre-existing relationship – and then uses that to get valuable information. 

Krebs broke the story of Home Depot’s breach in 2014.

Customers who wanted to see if their information was in those spreadsheets can check by calling Home Depot’s main customer service line: 800-466-3337.

“We have 1.5 billion transaction a year, so the chances that somebody calls at random and they are on the list are pretty small,” Holmes said. “But if a customer calls, we’ll tell him if his information was there.”

 

 

 


Reader Comments ...


Next Up in Business

He helps people secure their passwords with Keeper
He helps people secure their passwords with Keeper

CHICAGO — What’s it really like to work at Chicago startups and tech companies? Blue Sky’s Inside Job lets people on the ground tell us in their own words. Steven Bertrand, 32, User Experience/User Interface Interactive Designer, with a focus on Motion Design, for Keeper Keeper is the world’s leading password manager and secure...
10 household items rendered obsolete by your smartphone
10 household items rendered obsolete by your smartphone

The smartphone’s rise in prominence over the last decade has served as the death knell for many former household tech staples. In just 10 years, smartphones have become the Swiss Army knives of the tech world, being able to do so much more than simply making phone calls and sending text messages. Here are 10 items you’ll never need to buy...
Smart sweeper maps territory to clean
Smart sweeper maps territory to clean

Once you prepare your house for vacuuming, the only thing left to do to clean your floors and carpet is to press a button. From there, the Deebot R95 robotic vacuum cleaner takes over and does the work. I own one of the other robotic vacuums, and while it does a good job, it often gets hung up in areas such as high carpet, tangled with cords, or stuck...
How to brew like a barista at home, using the latest gear
How to brew like a barista at home, using the latest gear

In this age of high-end coffee, every trip to the café is a theater experience. We watch the barista measure out the coffee on a digital scale and check the temperature of the water. We stare as the rivulet of steaming water is then poured from the swan-necked kettle, evenly coating the ground beans in a ritual that ends with the perfect cup...
Mark Cuban invests in Factmata, a startup that fights fake news
Mark Cuban invests in Factmata, a startup that fights fake news

Billionaire tech entrepreneur and Dallas Mavs owner Mark Cuban is funding the fight against fake news. He’s invested in a British startup that’s using artificial intelligence to weed out inaccurate online stories, according to Business Insider. Cuban kicked in funding to a seed round for Factmata after getting a cold call from the company&rsquo...
More Stories