Home Depot confirms data breach, says employee data affected
A small subset of Home Depot employee data was leaked by a third party
Home Depot suffered a data breach which resulted in some employee data leaking on the dark web, reports have claimed.
Roughly 17,000 people were affected by the breach, which took place in May 2023, after infamous threat actor IntelBroker posted a new thread on an underground forum, sharing information on the breach.
"In April 2024, Home Depot suffered a data breach that exposed the corporate information belonging to 10K employees of the company," IntelBroker said in the post. The thread was quickly picked up by BleepingComputer, which reached out to Home Depot and got the confirmation.
IntelBroker strikes again
Apparently, this was a supply chain attack, with Home Depot stating that, "A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates' names, work email addresses and User IDs during testing of their systems."
Home Depot is an American multinational home improvement retail corporation that sells the tools and materials used in construction and renovation. With more than 2,300 stores across North America, as well as more than 475,000 employees, it is the largest company in its niche.
While the data leak may be limited, it is still useful for threat actors that engage in identity theft or phishing attacks. Therefore, Home Depot employees should be wary of incoming emails, while everyone else should be on the lookout for emails claiming to come from the company’s employees.
Data leaks such as this one are a frequent occurrence, and IntelBroker is one of the more active threat actors. They are known for leaking data from various U.S. government agencies, General Electric, Facebook, HPE, and others. They rose to infamy after breaching DC Health Link, a company that manages health care plans for the U.S. House members and their families, as well as their staff and other employees.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro
- FBI probes after US politician data hacked, put up for sale online
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.