Home Depot: 53 million email addresses swiped too

Home Depot details more items from its investigation of a data breach. So far, the company can't estimate the total tab.
Written by Larry Dignan, Contributor

Home Depot on Thursday said that 53 million email addresses were also swiped in its recent data breach where 56 million credit card accounts were also compromised.

10 things you need to know before hiring penetration testers

For the home improvement retailer the security hits just keep coming. In a statement, Home Depot outlined the following from its investigation:

  • The hackers used a third-party vendor credentials to tap into the edge of Home Depot's network. That access didn't get the cybercrooks access to point-of-sale terminals. 
  • From that network beachhead, hackers got elevated rights to check out Home Depot's network and install malware on self-checkout systems in U.S. and Canada. 
  • Email addresses were taken, but no other personal information was lost.

Hacked: The six most common ways non-tech people fall victim

Home Depot reiterated that the malware that was installed "had not been seen in any prior attacks and was designed to evade detection by antivirus software."

Related: Home Depot: 56 million payment cards affected by cyberattack | Home Depot confirms payment system attack | JPMorgan hack affected 76 million households, 7 million SMBs | Staples investigates possible data breach, credit card fraud

Like Target, which was whacked with a costly data breach last year, Home Depot is notifying affected customers and scrambling to beef up its security practices. Those improvements include enhanced encryption across all of its U.S. stores. Canadian stores will be complete in 2015. Home Depot is also speeding up its deployment of chip-and-pin technology.

So far, the breach hasn't hurt Home Depot's financial picture. The company reports third quarter earnings Nov. 18 and reiterated that its fiscal 2014 sales will be up about 4.8 percent with earnings per share of about $4.54. However, Home Depot said that its guidance doesn't include costs related to the breach and the company added that it is "not able to estimate the costs, or a range of costs" yet.

Editorial standards