Security News > 2020 > October > Home Depot Confirms Data Breach in Order Confirmation SNAFU
![Home Depot Confirms Data Breach in Order Confirmation SNAFU](/static/build/img/news/home-depot-confirms-data-breach-in-order-confirmation-snafu.jpg)
Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information.
After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the issue.
One affected customer posted a screenshot of his inbox on Twitter, filled with random people's order confirmations, tweeting: "Hey um I'm pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada. There are 660+ emails. Something has gone wrong."
"The data release from some of Home Depot's customers in Canada is unusual, in that the breach seems to be the result of an internal system error rather than an external attack," Saryu Nayyar, CEO at Gurucul, said via email.
"Still, releasing home and email addresses and recent order confirmations could be gold for a malicious actor. Personal information like that can be leveraged into a convincing phishing email, which could lead to the affected customers becoming victims."
News URL
https://threatpost.com/home-depot-data-breach-order-confirmation/160728/
Related news
- Panda Restaurants discloses data breach after corporate systems hack (source)
- 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element (source)
- UK confirms Ministry of Defence payroll data exposed in data breach (source)
- Dell warns of data breach, 49 million customers allegedly affected (source)
- Dell API abused to steal 49 million customer records in data breach (source)
- Largest non-bank lender in Australia warns of a data breach (source)
- Helsinki suffers data breach after hackers exploit unpatched flaw (source)
- Banco Santander warns of a data breach exposing customer info (source)
- Nissan North America data breach impacts over 53,000 employees (source)
- MediSecure e-script firm hit by ‘large-scale’ ransomware data breach (source)