The Atlanta Journal-Constitution

Some Home Depot workers have their private data leaked

‘Small sample’ of its 465,000 employees’ info exposed.

- By Michael E. Kanell michael.kanell@ajc.com

Private informatio­n for about 10,000 Home Depot employees has been leaked onto a website used by internet hackers, according to the company and reporting by a number of tech industry news organizati­ons.

The leak was accidental and caused by a software vendor, said Beth Marlowe, a Home Depot spokeswoma­n.

“A third-party softwareas-a-service vendor inadverten­tly made public a small sample of Home Depot associates’ names, work email addresses and user IDs during testing of their systems,”she said. “It was not some breach of our system.”

The vendor’s mistake was leaving the informatio­n visible on the web for others to see. It was retrieved by a hacker known as IntelBroke­r, who then posted the data on the illicit forum BreachForu­ms, Cybernews reported.

IntelBroke­r said it had the data for 10,000 Home Depot employees. The company declined to confirm that number, but said it was “a small sample.”

While this data is not highly sensitive, exposing only corporate IDs, names and email addresses, it could be used by threat actors to conduct targeted “phishing” attacks against Home Depot employees, CyberNews said.

That kind of data can be used to launch waves of messages to unsuspecti­ng consumers in an effort to get them to provide more sensitive informatio­n, such as Home Depot credential­s, which then could be sold to others who might use the informatio­n to breach the company’s network and steal corporate data or deploy ransomware.

The company said it has taken steps to tighten security against any misuse of the data.

“In April 2024, Home Depot suffered a data breach that exposed the corporate informatio­n belonging to 10K employees of the company. Compromise­d data: full names and email addresses,” the hacker claimed, according to CyberNews.

The IntelBroke­r group has been linked to a number of other hacking incidents, according to Bleeping Computer. Its previous hacking included theft of informatio­n from DC Health Link, an organizati­on that administer­s the health care plans of U.S. House members, their staff and their families, according to Bleeping Computer.

Home Depot is the largest Georgia-based company by sales and second only to UPS in the size of its workforce.

The Vinings-based company has 2,335 retail stores, including locations in all 50 states. Home Depot employs about 465,000 people.

?? HYOSUB SHIN/AJC FILE ?? No highly sensitive material was involved in the security breach, says Home Depot.
HYOSUB SHIN/AJC FILE No highly sensitive material was involved in the security breach, says Home Depot.

Newspapers in English

Newspapers from United States