Home Depot on Thursday said that 53 million email addresses were also swiped in its recent data breach where 56 million credit card accounts were also compromised.
For the home improvement retailer the security hits just keep coming. In a statement, Home Depot outlined the following from its investigation:
- The hackers used a third-party vendor credentials to tap into the edge of Home Depot's network. That access didn't get the cybercrooks access to point-of-sale terminals.
- From that network beachhead, hackers got elevated rights to check out Home Depot's network and install malware on self-checkout systems in U.S. and Canada.
- Email addresses were taken, but no other personal information was lost.
Home Depot reiterated that the malware that was installed "had not been seen in any prior attacks and was designed to evade detection by antivirus software."
Related:| | |
Like Target, which was whacked with a costly data breach last year, Home Depot is notifying affected customers and scrambling to beef up its security practices. Those improvements include enhanced encryption across all of its U.S. stores. Canadian stores will be complete in 2015. Home Depot is also speeding up its deployment of chip-and-pin technology.
So far, the breach hasn't hurt Home Depot's financial picture. The company reports third quarter earnings Nov. 18 and reiterated that its fiscal 2014 sales will be up about 4.8 percent with earnings per share of about $4.54. However, Home Depot said that its guidance doesn't include costs related to the breach and the company added that it is "not able to estimate the costs, or a range of costs" yet.