A spreadsheet listing 8,000 customers, along with their a range of personal and transaction information, is posted for an unknown amount of time, on a Home Depot website.
There is no financial data as part of the list, this did not compare with the data breach in 2014 in which the hackers installed a software which provided them with the personal and financial information of 56 million Home Depot customers.
“This recent theft of customer data which was exposed on the HomeDepot.com is a different type and scale compared to what was harvested during the Home Depot’s breach in 2014,” wrote the Consumerist a part of this Consumer Reports organization. “While these spreadsheets contained no bank account information, credit card data, or Social Security numbers, which are considered as legally protected data, the level of transaction detail is extensive.”
The company spokesman Stephen Holmes has said the information is taken down just as soon as it is discovered, although he is not sure exactly when this occurred. “This happened a while ago,” he said.
The information was posted online by a combination of technical glitch and human error, Holmes said.
The lists, in this case, are hosted under the Home Depot webdomain so they were accessible to public. However, they would be seen only by anyone who knew where to look.
Still the fact that the customer data was listed on web is a problem which “raises a variety of questions,” Consumerist wrote. “For instance: How frequently does this sort of thing happen? Do companies have any obligation to tell consumers if their data is exposed this way? And perhaps most important for the people whose names and information was listed in these documents: Just how potentially damaging could this data be if it fell into the wrong hands?”