Home Depot, which last experienced an insider breach in February, has fired and is prosecuting an employee who, for two weeks in May, accessed information on more than 30,000 customer accounts.
How many victims? Approximately 30,000 accounts were compromised. Less than 500 accounts had information distributed to third parties.
What type of personal information? Names, addresses, phone numbers, dates of birth, brands, primary account numbers (payment card numbers) and expiration dates.
What happened? A former employee accessed account information and distributed it to third parties.
What was the response? The employee was fired and is being prosecuted. Home Depot is reviewing access controls to ensure a similar incident does not occur in the future. All impacted individuals are being notified and offered a free year of credit monitoring services.
Details: The former employee was accessing the accounts from May 7 to May 21. The information related to transactions in the tool rental area of Home Depot stores.
Quote: “The employee did not hack our systems; was quickly terminated, and his electronic devices have been seized by law enforcement,” Stuart Altman, partner at Hogan Lovells, wrote in the notification.
Source: doj.nh.gov, “Notification of Potential Data Breach,” May 27, 2014.