Home Depot filters your customers’ order history. Hacking sensitive data

Hundreds of Canadian citizens could be affected by a data breach in Home Depot that has compromised multiple personal details, including full names, addresses, email addresses, and partial financial information. Over the past few days the company’s customers reported receiving emails confirming strange orders, so the company had to begin a thorough investigation.

One of the affected users shared via Twitter a screenshot of the message received, requesting an explanation from the company: “I have more than 600 emails; something’s wrong.”

The company responded quickly, albeit only to confirm the security incident without adding further details: “We are aware of what happened this morning and can confirm that this issue has already been fixed. This issue affected a very small number of our customers who had orders to pick up at the store.” Home Depot has asked affected users to email their customer service area.

Although the company contends that the incident affected only a small number of users, security specialists analyzed the number of reports issued on Twitter, calculating that some 900 users could have been affected.

On the causes of the incident, a company representative sent a message to the specialized ThreatPost platform: “This Tuesday night we discovered an error in our ordering system, which affected some of our users in Canada. Some users may have received multiple emails related to orders they never placed; the problem has already been solved.”

As a security measure, the company recommends that affected users delete received emails and not click on the contained links, as this could expose them to subsequent security incidents.

This is not the only incident that has affected the company’s customers. In 2014, Home Depot was the victim of a data breach that affected nearly 50 million customers whose personal and financial information was obtained by malicious hacking groups. After a lengthy legal process, the company agreed to pay nearly $20 million USD as compensation to affected customers.