The Home Depot confirmed it recently experienced a data breach when a vendor mistakenly exposed some personally identifiable employee data as part of systems testing.
“A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample Home Depot associates’ names, work email addresses and User IDs during testing of their systems,” a Home Depot spokesperson told Retail Dive in an emailed statement on Tuesday.
The company did not respond to a question from Retail Dive about how many people were affected. But technology news website Bleeping Computer reported Sunday that limited data for about 10,000 employees was leaked to a hacking forum.
Home Depot declined to share what date the data breach was discovered or the name of the vendor involved. The company did confirm to Retail Dive that no customer data was involved in the breach.
According to the Verizon 2023 Data Breach Investigations Report, “74% of all breaches include the human element, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering.”
Georgia-based Home Depot employs about 465,000 people and has over 2,300 stores in the U.S., Canada and Mexico. In 2016, the retailer agreed to pay $19.5 million to U.S. customers affected by a 2014 data breach.
More than 50 million credit cards were compromised in that incident, Retail Dive reported at the time. The settlement covered about 40 million people who had payment card data stolen, and up to 53 million people who had email addresses stolen, with some overlap between the groups.