Home Depot Exposes Canadian Customers’ Data

On Oct 28 Home Depot customers began reporting that they had received hundreds of emails from the store, each containing an order confirmation for a stranger. The company confirmed that it had inadvertently exposed the private order confirmations of hundreds of Canadians, containing names, physical addresses, email addresses, order details and partial credit-card information. One affected customer posted a screenshot of his inbox on Twitter, filled with random people’s order confirmations, tweeting: “Hey um… I’m pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada. There are 660+ emails. Something has gone wrong.” Home Depot suffered one of the most high-profile data breaches ever in 2014, with 50 million credit card numbers stolen and 53 million email addresses pilfered. The company paid $19.5 million to compensate the victims, after attackers used compromised vendor credentials to gain access to its network and then the point-of-sale system. In a tweet about the latest incident, Home Depot said it was aware of what happened and had fixed the issue.