Home Depot breach: 53 million email addresses also stolen
The US retailer said data was taken in addition to the payment details of 56 million debit and credit cards
The Home Depot has revealed more information about the credit card data breach that first came to light back in September.
After an investigation, the company also discovered 53 million email addresses were taken during the breach, during which the details of 56 million payment cards were stolen.
As a result, the US retailer is now telling anyone whose details may have been compromised to educate themselves about phishing.
The company said in a statement that hackers used a third-party vendor's username and password to access the network.
This somehow allowed them to change their rights to deploy malware on the company's self-checkout systems in the US and Canada, which scrapped customer payment details.
The company said in the statement: "As previously disclosed, the malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot's security partners.
"The Home Depot's investigation, cooperation with law enforcement and efforts to further enhance its security measures are ongoing. The company does not anticipate further updates on the breach outside of its quarterly financial disclosures."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Those security measures include enhancing the encryption of payment data in all US stores and introducing EMV chip-and-PIN technology.
The former solution was already being developed before the company's system was hacked, but Home Depot decided to bring forward its implementation.
This means all payment data taken from customers is scrambled to prevent hackers from making sense of anything they are able to obtain.
EMV chip-and-PIN technology adds an extra layer of payment card protection and is the same protocol that has been used in the UK since chip and PIN was introduced in 2004.
When Home Depot revealed its systems had been hacked, it was declared the biggest ever retail security breach in history.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.