Home improvement retail giant Home Depot has disclosed a third-party data breach that exposed personal information of approximately 10,000 employees.
Home Depot Data Breach Linked to IntelBroker
Researchers at BleepingComputer first discovered a post on an underground hacking forum by a threat actor called IntelBroker. The post included limited data of 10,000 Home Depot staff.
Home Depot confirmed to that one of its Software-as-a-Service (SaaS) vendors had inadvertently published a sample dataset containing names, emails and IDs of employees during a testing activity.
While the exposed information was not highly sensitive, cybersecurity experts warn it could be used by malicious actors to conduct convincing spear phishing campaigns aiming to steal more sensitive employee credentials or corporate data.
IntelBroker is a well-known hacker who has previously targeted many organizations, including a major health admin system used by US lawmakers. The actor maintains an active presence on hacking forums.
As a precaution, Home Depot has told all employees to properly verify any unsolicited communications requesting private information and report any suspected phishing attempts.
Investigations in Home Depot Data Breach Ongoing
Both Home Depot and the compromised third-party vendor are investigating the full scope and root cause of the data exposure. It remains unclear if any sensitive corporate systems were impacted as a result of this breach.
The incident has renewed concerns around securing supply chains and limiting data access of external partners, considered one of the biggest cyber vulnerabilities faced by many large companies.