Who: Home Depot, the largest home improvement retailer in North America, with over 2,300 stores and 475,000 employees, confirms a data breach.
What: The breach occurred when one of Home Depot's third-party Software-as-a-Service (SaaS) vendors mistakenly exposed a small sample of employee data during system testing. Approximately 10,000 Home Depot employees' corporate information, including names, work email addresses, and User IDs, was leaked.
Impact: While the exposed data is not highly sensitive, it could facilitate targeted phishing attacks against Home Depot employees. Threat actors could use this information to conduct phishing campaigns aimed at acquiring more sensitive data, such as credentials, which could lead to network breaches or ransomware deployment. Home Depot advises its employees to remain vigilant against suspicious emails requesting corporate credentials and to report such incidents to the company's IT staff. The threat actor behind the leak, IntelBroker, has a history of cyberattacks targeting various organizations, including DC Health Link, PandaBuy, Acuity, Hewlett Packard Enterprise (HPE), Weee!, and allegedly General Electric Aviation.
Read the full article HERE