The largest home improvement retailer worldwide said the stolen e-mail addresses were in addition to the approximately 56 million debit and credit cards that were compromised during the data breach.
The Home Depot, Inc. (NYSE:HD) said the files taken by the hackers did not contain passwords, payment card information or other sensitive information.
Hackers used third-party user name and password
According to the company, the hackers used the user name and password of a third-party vendor to enter the perimeter of its network. The hackers failed to get direct access to its point of sale devices using the stolen credentials alone.
The Home Depot, Inc. (NYSE:HD) said the hackers then acquired elevated rights, which enabled them to navigate portions of its network and deploy unique, custom-built malware on its self-checkout systems in Canada and the United States.
The security partners of the company previously disclosed that the hackers used a malware that had not been seen on any prior attacks, and it was designed to avoid detection by antivirus software. The Home Depot, Inc. (NYSE:HD) reiterated that the malware was already removed from its system, and the hacker’s method of entry had been closed.
Home Depot improves its cyber security
The Home Depot, Inc. (NYSE:HD) enhanced the encryption of payment data in all of its stores in the United States. Its encryption technology was tested and validated by independent IT security firms, and it was provided by Voltage Security.
The company said it will be able to complete the implementation of the encryption technology to its Canadian store by early 2015.
It is also implementing EMV chip-and-PIN technology for extra layers of protection to the payment cards of customers. The technology is already available in its Canadian stores since 2011. The company launched it as a project for its stores in the U.S. in January last year, and it will be completed before the deadline of the payment industry.
Home Depot maintains FY14 guidance
The Home Depot, Inc. (NYSE:HD) maintained its previous sales and earnings per share growth guidance of 4.8% and 21% for the fiscal 2014. The company expected to deliver earnings of $4.54 per share for the full year (including estimates for the costs related to the data breach).
It is scheduled to release its third quarter financial results on November 18.