Info on Home Depot customers exposed (but no financial data)


 A spread sheet listing about 8,000 customers, along with their transaction and a range of personal information, was posted for an unknown amount of time, on a Home Depot web site.

No financial data was part of the list, which did not compare with the 2014 data breach in which hackers installed software that provided them with personal and financial information for 56 million Home Depot customers. 

“This recent cache of customer data that was exposed on HomeDepot.com is of a different type and scale than what was harvested during Home Depot’s breach of 2014,” wrote the Consumerist, a part of the Consumer Reports organization. “While the spreadsheets contained no credit card data, bank account information, or Social Security numbers—which are considered legally protected data—the level of transaction detail was extensive.”

Company spokesman Stephen Holmes said the information was taken down just as soon as it was discovered, although he wasn’t sure exactly when that occurred. “That happened a while ago,” he said.

The information was posted online through a combination of technical glitch and human error, Holmes said.

The lists in this case were hosted under the Home Depot web domain so they were accessible to the public. However, they would be seen only by someone who knew where to look.

Still, the fact that any customer data was listed on the web is a problem that “raises a variety of questions,” the Consumerist wrote. “For instance: How frequently does this sort of thing happen? Do companies have any obligation to tell consumers if their data is exposed this way? And perhaps most important for the people whose names and information was listed in these documents: Just how potentially damaging could this data be if it fell into the wrong hands?”

Home Depot spokesman Holmes said there has been no indication thus far that anyone retrieved and misused the information. 

Brian Krebs, a cybersecurity expert who runs KrebsOnSecurity.comtold the Consumerist that data such as names, addresses and customer service details could be used for “pretexting,” a scam in which the scammer convinces the that they have a pre-existing relationship – and then uses that to get valuable information. 

Krebs broke the story of Home Depot’s breach in 2014.

Customers who wanted to see if their information was in those spreadsheets can check by calling Home Depot’s main customer service line: 800-466-3337.

“We have 1.5 billion transaction a year, so the chances that somebody calls at random and they are on the list are pretty small,” Holmes said. “But if a customer calls, we’ll tell him if his information was there.”

 

 

 


Reader Comments ...


Next Up in Business

Long waits mar new Uber, Lyft pickup plan at Hartsfield-Jackson
Long waits mar new Uber, Lyft pickup plan at Hartsfield-Jackson

The Atlanta airport’s new ride-share pickup location drew complaints from both drivers and passengers after long waits and traffic backups Thursday, when many fliers return from business trips. During the peak Thursday night period, some passengers said they waited as long as 40 minutes or more for ride-share drivers to reach them after being...
Total solar eclipse 2017 in Georgia: What’s the cost to business?
Total solar eclipse 2017 in Georgia: What’s the cost to business?

Turns out there is one way to look at an eclipse without harming your eyes: through the lens of economics. Sure, it’s not romantic and not inspiring and not exactly scientific either – even if they do call economics, “the dismal science.” And sure, The Great American Eclipse – surely is a spectacular moment that demands...
KPMG and Atlanta auditor pay $6 million-plus to settle SEC charges
KPMG and Atlanta auditor pay $6 million-plus to settle SEC charges

Accounting firm KPMG LLP and one of its Atlanta-based partners agreed to pay more than $6 million in penalties to settle allegations that a flawed audit allowed a Tennessee oil company to defraud investors. The U.S. Securities and Exchange Commission’s Atlanta office, which investigated the case, said KPMG’s audit failed to catch assets...
Georgia jobless rate ticks down despite weak hiring
Georgia jobless rate ticks down despite weak hiring

The Georgia unemployment rate dipped in July, but so did hiring as the economy continued several months of stop-and-go. After a very strong June, the state’s economy lost 14,500 jobs last month. But the jobless rate, calculated from a different survey, edged down from 4.8 percent to 4.7 percent, the state Labor Department said Thursday. The unemployment...
Trail network pitched for south Atlanta ‘aerotropolis’
Trail network pitched for south Atlanta ‘aerotropolis’

Could the next Beltline be on Atlanta’s southside? That’s the goal of an ambitious greenway concept for the “aerotropolis” area surrounding Hartsfield-Jackson International Airport. The vision is for a network of trails and bike paths connected across the hodgepodge of cities and counties in south Metro Atlanta — and connected...
More Stories