The largest security breach involving a U.S. retailer ever reported just got worse. Home Depot acknowledged in September that a malware attack "put payment card information at risk for approximately 56 million unique payment cards."
In a statement dated Nov. 6, Home Depot reports that an ongoing investigation revealed “separate files containing approximately 53 million email addresses were also taken during the breach. These files did not contain passwords, payment card information or other sensitive personal information.”
In an email to customers, Home Depot emphasized, “In all likelihood this event will not impact you, but we recommend that you be on the alert for phony emails requesting personal or sensitive information.”
However, the thieves would not have bothered to steal the information if it weren’t valuable. Brian Krebs of Krebs on Security gave a brilliant example of how your email could be used in a phishing scam, “think a Home Depot ‘survey’ that offers a gift card for the first 10,000 people who open the booby-trapped attachment.”
It’s a good idea to look at all attachments as “booby-trapped” unless you know the sender personally (not a company or store) and can confirm that the person you trust actually sent the email. Remember, many people that you know have had their address books hacked.
A Home Depot website confirms that "it’s important to be on guard against phishing scams that are designed to trick you to provide personal information in response to phony emails. It is important not to give out personal information on the phone, through the mail or on the Internet, unless you have initiated the contact and are sure of who you’re dealing with. Similarly, you should not click directly on any email links if you have any doubts about whether the email comes from a legitimate source."
If you were impacted by the breach, and have further questions, you can call the home improvement giant at 1-800-HOMEDEPOT.
Continue to check your credit and debit card statements carefully, and it would be a wise idea to change the password on your email account associated with Home Depot just to be on the safe side.