Skip to main content
The Globe and Mail
Get full access to globeandmail.com
Support quality journalism
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
The Globe and Mail
Support quality journalism
Get full access to globeandmail.com
Globe and Mail website displayed on various devices
Just$1.99
per week
for the first 24 weeks

var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){console.log("scroll");var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))}pencilInit(".js-sub-pencil",!1);

The latest information stemmed from weeks of work by investigators, who are co-operating with law enforcement and information-technology experts, Home Depot said.

Jim Young/Reuters

Home Depot Inc., which suffered a data breach between April and September, said 53 million e-mail addresses were taken by hackers during the attack, in addition to the 56 million payment cards that were previously disclosed.

Home Depot also said Thursday that the criminals used a third-party vendor's user name and password to reach the perimeter of its network, then gained additional rights to navigate the company's systems. Hackers used custom-built software on Home Depot's self-checkout terminals in the U.S. and Canada to access customer data, according to a statement.

"Customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony e-mails," the Atlanta-based company said.

Story continues below advertisement

Home Depot, which first acknowledged the attack in September, has become one of the biggest victims of hackers' war on retailers. The world's largest home-improvement chain has said it expects to pay about $62-million (U.S.) this year to recover from the incursion, including additional costs for call-center staffing and legal expenses. Insurance will cover $27-million of that tab, the company said.

The latest information stemmed from weeks of work by investigators, who are co-operating with law enforcement and information-technology experts, Home Depot said. The e-mail data that was stolen didn't include passwords or other sensitive information, the company said.

New Malware

Home Depot began investigating the breach on Sept. 2, immediately after banking partners and law enforcement raised alarms that its systems may have been infiltrated. The malicious software used in the breach hadn't been seen in previous attacks and was designed to evade detection by anti-virus software, the company has said. The vulnerability has been closed off, and Home Depot has eliminated the malware from its systems.

A third-party vendor was also the root of Target Corp.'s breach last year, when hackers stole about 40 million payment-card numbers at the height of the holiday season.

So far, Home Depot has weathered its breach more smoothly than Target, which suffered a decline in sales and was reprimanded by lawmakers. Home Depot on Thursday reiterated its financial targets for 2014, saying sales will grow about 4.8 per cent and earnings will climb 21 per cent to $4.54 a share.

The shares rose 1.6 per cent to $97.29 in New York before it made the statement. The stock has climbed 18 per cent this year, outpacing the Standard & Poor 500 Index's 9.9-per-cent gain.

Story continues below advertisement

The company is bolstering the security in all its U.S. stores, including encrypting more data and adding chip-and-PIN technology. Home Depot has almost 2,300 retail stores.

Report an error
Tickers mentioned in this story
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies