Data breach reportedly exposes Home Depot employee data
An error by an outside vendor reportedly let a hacker gain unauthorized access to some personal data of roughly 10,000 employees of The Home Depot.
According to Bleeping Computer, The Home Depot has acknowledged that on Thursday, April 4, 2024, a cybercriminal that goes by the alias “IntelBroker” leaked data including names, work email addresses and corporate user IDs from about 10,000 of its workers on a known online forum for hackers.
"A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates' names, work email addresses and user IDs during testing of their systems," Home Depot told BleepingComputer in a response to an inquiry about the posting on the hacker forum.
The information by itself is not necessarily that damaging to the affected employees, according to Bleeping Computer, but could be used in phishing attacks designed to trick workers whose data was exposed into revealing more sensitive information that could be used against them or Home Depot.
According to Bleeping Computer, IntelBroker is a “well-known threat actor” who has also managed to steal data such as health care information related to members and staff of the U.S. House of Representatives. IntelBroker is also reported be responsible for cyberbreaches of companies including Hewlett Packard Enterprise and Weee!, an online Asian supermarket for U.S. consumers.
In emailed commentary, cybersecurity experts from identity solutions provider Saviynt said retailers need to pay close attention to potential vulnerabilities caused by third-party partners.
"Conventional third-party controls for SaaS solutions are insufficient to meet the significant growth in SaaS usage at enterprise scale as evidenced in the announced Home Depot cybersecurity incident,” said Jim Routh, chief trust officer at Saviynt. Specific protections for IAM profile information, as indicated in this incident, offer a clear opportunity for enterprises to improve IAM governance capabilities for SaaS usage."
"You’re only as secure as your weakest link, and that link is increasingly third-party providers," said Jeff Margolies, chief product & strategy officer at Saviynt. "Enterprises need to extend their identity security perimeter by better managing third-party access to sensitive data."
Headquartered in Atlanta, The Home Depot is the world's largest home improvement specialty retailer. At the end of fiscal year 2023, the company operated a total of 2,335 retail stores in all 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Guam, 10 Canadian provinces and Mexico. The company employs approximately 465,000 associates.