Dwelling Depot has confirmed that it suffered a data breach after one among its SaaS distributors mistakenly uncovered a small pattern of restricted worker knowledge, which might doubtlessly be utilized in focused phishing assaults.
Dwelling Depot is the biggest house enchancment retailer, with greater than 2,300 shops in North America and over 475,000 workers.
On Thursday, a risk actor generally known as IntelBroker leaked restricted knowledge for roughly 10,000 Dwelling Depot workers on a hacking discussion board.
“In April 2024, Dwelling Depot suffered a data breach that uncovered the company info belonging to 10K workers of the corporate,” reads the discussion board submit.
Supply: BleepingComputer
After BleepingComputer contacted Dwelling Depot, the corporate confirmed that one among its third-party SaaS distributors mistakenly uncovered pattern worker knowledge.
“A 3rd-party Software program-as-a-Service (SaaS) vendor inadvertently made public a small pattern of Dwelling Depot associates’ names, work e mail addresses and Consumer IDs throughout testing of their methods,” Dwelling Depot instructed BleepingComputer.
Whereas this knowledge shouldn’t be extremely delicate, exposing solely company IDs, names, and e mail addresses, it may very well be utilized by risk actors to conduct focused phishing assaults in opposition to Dwelling Depot workers.
These phishing assaults may very well be designed to collect extra delicate info, similar to Dwelling Depot credentials, which might then be offered to different risk actors or used to breach the corporate’s community to steal company knowledge or deploy ransomware.
Because of this, all Dwelling Depot workers must be cautious of any emails containing hyperlinks to pages that request company credentials or different info. If one among these emails is acquired, it must be reported to the corporate’s IT employees, who can confirm whether or not it’s authentic.
IntelBroker is a widely known risk actor who first gained notoriety by breaching DC Well being Hyperlink, a corporation that administers the well being care plans of U.S. Home members, their employees, and their households.
The incident resulted in widespread media consideration and a congressional listening to after the info for 170,000 affected people, together with members and employees of the U.S. Home of Representatives, was leaked.
Different cybersecurity incidents linked to IntelBroker are the breaches of PandaBuy, Acuity, Hewlett Packard Enterprise (HPE) and the Weee! grocery service, in addition to an alleged breach of Common Electrical Aviation.
