Home Depot Data Breach, How Did it Happen

Posted on by David Lukic in Data Breaches December 18, 2020

Cybercriminals can break into any system; this was proven by the Home Depot data breach of 2014. More than 50 million people were affected by the Home Depot data hack during which a hacker used malware to infect self-pay kiosks and steal names, email addresses, credit card numbers, security codes and expiration dates. The incident affected both American and Canadian citizens. Investigators believe that a variant of the same malware (BlackPOS) used to infiltrate Target was used to steal millions of credit cards from Home Depot. The warehouse giant was criticized for not responding to the breach sooner and for taking its time to report the incident to affected customers and the authorities. Additional details indicate that the hacker used stolen vendor credentials to get into Home Depot’s system to install the malware

home depot data breach

When Was the Home Depot Data Breach?

The Home Depot data breach took place between April 2014 and September 2, in both the U.S. and Canada. Malware was installed on self-checkout terminals, and that is how the criminals were able to steal names and credit card information for more than 50 million customers. 

How to Check if Your Data Was Breached From Home Depot Hack

Home Depot notified all affected customers by mail of the data breach. Their letter included information on what to do if the hackers used your information to steal money. Banks announced a spike in ATM withdrawals after the breach, even though Home Depot claimed debit card PINs were not taken. The best way to check to see if your data was breached is to review your bank and credit card statements from April 2014 and beyond. Look for any unauthorized activity. You should also get a copy of your credit report and look for accounts that you did not open. 

What to Do if Your Victim of Home Depot Data Breach

If you shopped at Home Depot between April of 2014 and September 2014 and you used a self-checkout cash register, you were most likely affected. By now, you should have canceled the credit or debit card you used and had the bank reissue you another one. You should have reviewed your bank and credit card statements and also checked your credit report. Additionally, since phishing scams are the result of many of these data breaches, you should make sure your computer is clean by installing antivirus software and running a deep scan. 

Home Depot Data Breach Lawsuits and Settlements

At the time, 57 class-action lawsuits were filed in both the U.S. and Canada. The courts in Atlanta, Georgia, consolidated them. In 2016, Home Depot agreed to a $25 million settlement to reimburse customers for fraud and damages due to the data breach. Additionally, they have beefed up their security and hired a private cybersecurity company to oversee their operations. You can review the settlement document here, but the time to file has passed. They provided a short 120-day window to file claims. 

home depot security breaches

Can The Home Depot Data Breach Cause Identity Theft?

Absolutely! Hackers don’t need much to begin an identity theft campaign, which may include acquiring additional information from the dark web, phishing scams, and other tactics to obtain the information they need to steal your identity and open lines of credit or blackmail you for funds. Most breaches include names and email addresses, and some even include payment information like the Home Depot hack. With so many data breaches reported, it’s challenging to keep your identity safe these days, but there are things you can do to protect yourself. 

What to Do to Protect Yourself When Paying at Retail Locations

It would be difficult to give up paying with credit or debit cards at retail locations, but other ways to protect yourself are:

  • Use only a single card for retail or online shopping and scan the monthly statements carefully for any fraud or unusual activity.

  • Never give out your personal information to anyone unless you have to.

  • Keep an eye on your credit reports and sign up for credit monitoring with a reputable company like IDStrong.com.

  • Be on the lookout for phishing scams or strange sounding emails. 

  • Never click a link inside an email or download any attachments.

  • Keep your antivirus software updated and run frequent scans.

About the Author
IDStrong Logo

Related Articles

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in the fina... Read More

What is an Accidental Web Exposure and How to Prevent Data Leakage

Data breaches take many forms, and one of them is through accidental web exposure and data leakage. Milli... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, 2015 an... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. What start... Read More

Scan Your Records for Breaches, Leaks & Exposures!