Skip to main content

Home Depot hack update: 53 million customer email addresses also stolen

US retailer Home Depot has revealed that the high-profile credit card hack which struck the firm earlier in the year, also resulted in the theft of 53 million email addresses.

It confirmed that attackers used a vendor's username and password to access the store's network.

Read more: eBay hack must trigger a sea of change for retail cyber security attitudes

The hack took place between April and September and resulted in the theft of 56 million debit and credit card details, making it one of the largest data breaches on record.

Home Depot has sought to reassure customers affected by the breach, stressing that no other sensitive information or passwords were stolen along with the email listings. However, it did emphasise that customers should be extra vigilant against any phishing attacks.

According to the BBC, the company is also offering credit monitoring to all affected consumers in the US and Canada.

Home Depot has said that it is still investigating the data breach, which follows a number of attacks on other retail firms across the US.

Target suffered a high-profile attack in December 2013, resulting in the loss of payment data from as many as 70 million customers.

Read more: Staples becomes latest US store hit by credit card data breach

The rise of in-store mobile payments also means that the retail environment could become a fruitful ground for hackers. Industry experts have suggested that larger retailers in particular need to take a more proactive approach to preventing cybercrime, with stores such as Staples, Dairy Queen and Kmart all suffering attacks in the past year.