Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Private data from thousands of Home Depot workers leaked

Aerial photograph shows The Home Depot Cumberland Store near the Home Depot headquarters.    (HYOSUB SHIN/The Atlanta Journal-Constitution/TNS)
By Michael E. Kanell Atlanta Journal-Constitution Atlanta Journal-Constitution

Private information for about 10,000 Home Depot employees has been leaked onto a website used by internet hackers, according to the company and reporting by a number of tech industry news organizations.

The leak was accidental and was caused by a software vendor, said Beth Marlowe, a Home Depot spokesperson.

“A third-party software-as-a-service vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and User IDs during testing of their systems,”she said. “It was not some breach of our system.”

The vendor’s mistake was leaving the information visible on the web for others to see. It was retrieved by a hacker known as IntelBroker, who then posted the data on the illicit forum BreachForums, according to Cybernews. IntelBroker said it had the data for 10,000 Home Depot employees. The company declined to confirm that number, but said it was “a small sample.”

While this data is not highly sensitive, exposing only corporate IDs, names, and email addresses, it could be used by threat actors to conduct targeted “phishing” attacks against Home Depot employees, CyberNews said.

That kind of data can be used to launch waves of messages to unsuspecting consumers in an effort to get them to provide more sensitive information, such as Home Depot credentials, which could then be sold to others who might use the information to breach the company’s network and steal corporate data or deploy ransomware.

The company said it has taken steps to tighten security against any misuse of the data.

A hacker known as IntelBroker posted the data on the illicit forum BreachForums.

“In April 2024, Home Depot suffered a data breach that exposed the corporate information belonging to 10K employees of the company. Compromised data: full names and email addresses,” the hacker claimed, according to CyberNews.

The IntelBroker group is linked to a number of other hacking incidents, according to Bleeping Computer. Its previous hacking included theft of information from DC Health Link, an organization that administers the health care plans of U.S. House members, their staff, and their families, according to Bleeping Computer.

Home Depot has 2,335 retail stores, including locations in in all 50 states. Home Depot employs about 465,000 people.