ATLANTA—Stolen vendor log-on credentials led to the Home Depot data breach, the retailer reported Thursday.
Home Depot’s latest investigation also revealed that 53 million e-mail addresses were accessed, along with the 56 million credit and debit cards that were compromised. Home Depot first reported the breach in early September.
In a release, Home Depot stated that thieves used a vendor’s stolen log-on credentials to hack into the company’s computer network and install custom-built malware. The malware was designed to evade antivirus software and has since been eliminated, Home Depot stated.
The e-mail addresses did not contain passwords, payment card information or other sensitive personal information, Home Depot explained. The company said that currently it does not believe check payments were affected nor PIN numbers compromised.
Home Depot is notifying affected customers and is offering credit monitoring.
The Home Depot data breach has cost credit unions almost $60 million, according to data released by CUNA. That brings to $90 million the estimated costs to CUs when the Target breach is also factored in.
Related links
Another CU Files Suit Against Home Depot