Info on Home Depot customers exposed (but no financial data)


 A spread sheet listing about 8,000 customers, along with their transaction and a range of personal information, was posted for an unknown amount of time, on a Home Depot web site.

No financial data was part of the list, which did not compare with the 2014 data breach in which hackers installed software that provided them with personal and financial information for 56 million Home Depot customers. 

“This recent cache of customer data that was exposed on HomeDepot.com is of a different type and scale than what was harvested during Home Depot’s breach of 2014,” wrote the Consumerist, a part of the Consumer Reports organization. “While the spreadsheets contained no credit card data, bank account information, or Social Security numbers—which are considered legally protected data—the level of transaction detail was extensive.”

Company spokesman Stephen Holmes said the information was taken down just as soon as it was discovered, although he wasn’t sure exactly when that occurred. “That happened a while ago,” he said.

The information was posted online through a combination of technical glitch and human error, Holmes said.

The lists in this case were hosted under the Home Depot web domain so they were accessible to the public. However, they would be seen only by someone who knew where to look.

Still, the fact that any customer data was listed on the web is a problem that “raises a variety of questions,” the Consumerist wrote. “For instance: How frequently does this sort of thing happen? Do companies have any obligation to tell consumers if their data is exposed this way? And perhaps most important for the people whose names and information was listed in these documents: Just how potentially damaging could this data be if it fell into the wrong hands?”

Home Depot spokesman Holmes said there has been no indication thus far that anyone retrieved and misused the information. 

Brian Krebs, a cybersecurity expert who runs KrebsOnSecurity.comtold the Consumerist that data such as names, addresses and customer service details could be used for “pretexting,” a scam in which the scammer convinces the that they have a pre-existing relationship – and then uses that to get valuable information. 

Krebs broke the story of Home Depot’s breach in 2014.

Customers who wanted to see if their information was in those spreadsheets can check by calling Home Depot’s main customer service line: 800-466-3337.

“We have 1.5 billion transaction a year, so the chances that somebody calls at random and they are on the list are pretty small,” Holmes said. “But if a customer calls, we’ll tell him if his information was there.”

 

 

 


Reader Comments ...


Next Up in Business

All-new Chevy SUV, the Blazer, debuts in Atlanta
All-new Chevy SUV, the Blazer, debuts in Atlanta

Chevrolet unveiled the newest vehicle in its lineup, the Blazer, in Atlanta Thursday night, reviving the defunct SUV with a smaller version. Alan Batey, General Motors’ North American president, made the announcement at an event at The Fairmont in Atlanta, showing off a model of the mid-size SUV, which features a slimmer, more athletic front...
UPS, Teamsters reach tentative labor agreement
UPS, Teamsters reach tentative labor agreement

UPS and the Teamsters union have reached a tentative agreement on a new five-year labor deal, which if approved could alleviate the risk of a strike. The settlement in principle of the national master UPS agreement is subject to approval by UPS local unions. Yet to be resolved are supplemental agreements, according to the Teamsters. The final deal...
Wes Moss: How to head into retirement with no mortgage
Wes Moss: How to head into retirement with no mortgage

“Should we pay off our mortgage before we retire?” This is among the most common questions I get from clients and “Money Matters” listeners (tune in from 9-11 a.m. Sundays on WSB radio (News 95.5 and AM 750 WSB). I most recently heard it from a couple who are on their final approach for retirement. Let’s call them Rose...
Chevrolet announces all-new Chevy Blazer in Atlanta
Chevrolet announces all-new Chevy Blazer in Atlanta

Chevrolet unveiled the newest vehicle in its lineup, the Chevy Blazer, in Atlanta Thursday night, reviving the discontinued Trailblazer with a smaller version of the utility vehicle. Alan Batey, General Motors’ North American president, made the announcement at an event at The Fairmont in Atlanta, showing off a model of the mid-sized SUV, which...
Mayor Kasim Reed aides got late term promotions to Hartsfield-Jackson
Mayor Kasim Reed aides got late term promotions to Hartsfield-Jackson

Former Atlanta Mayor Kasim Reed’s administration transferred two employees from City Hall to high-paying positions at Hartsfield-Jackson International Airport in the final days of Reed’s term. Both worked closely with Reed, one as an executive assistant to the mayor and the other as a scheduling coordinator, and both were promoted to the...
More Stories