Home Depot confirms data breach, says employee data affected

Will Home Depot open its doors on Thanksgiving? (Image credit: Home Depot)

Home Depot suffered a data breach which resulted in some employee data leaking on the dark web, reports have claimed.

Roughly 17,000 people were affected by the breach, which took place in May 2023, after infamous threat actor IntelBroker posted a new thread on an underground forum, sharing information on the breach.

"In April 2024, Home Depot suffered a data breach that exposed the corporate information belonging to 10K employees of the company," IntelBroker said in the post. The thread was quickly picked up by BleepingComputer, which reached out to Home Depot and got the confirmation.

IntelBroker strikes again

Apparently, this was a supply chain attack, with Home Depot stating that, "A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates' names, work email addresses and User IDs during testing of their systems."

Home Depot is an American multinational home improvement retail corporation that sells the tools and materials used in construction and renovation. With more than 2,300 stores across North America, as well as more than 475,000 employees, it is the largest company in its niche.

While the data leak may be limited, it is still useful for threat actors that engage in identity theft or phishing attacks. Therefore, Home Depot employees should be wary of incoming emails, while everyone else should be on the lookout for emails claiming to come from the company’s employees.

Data leaks such as this one are a frequent occurrence, and IntelBroker is one of the more active threat actors. They are known for leaking data from various U.S. government agencies, General Electric, Facebook, HPE, and others. They rose to infamy after breaching DC Health Link, a company that manages health care plans for the U.S. House members and their families, as well as their staff and other employees.

More from TechRadar Pro

FBI probes after US politician data hacked, put up for sale online
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.