Home Depot Hammered by Supply Chain Data Breach

  /     /     /  
Publicated : 23/11/2024   Category : security


Home Depot Hammered by Supply Chain Data Breach


SaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer.



A hacking forum leak has led Home Depot to confirm that its employee data was compromised via a third-party software vendor.
Home Depot did not identify the breached software-as-a-service (SaaS) vendor but said an error exposed the names, corporate IDs, and email addresses of a small sample of its employees,
according to reports
. Now up for sale on the Dark Web, this is the type of data that could be used to fuel targeted phishing cyberattacks.
The incident highlights how selecting SaaS vendors with strong cybersecurity protections is critical for enterprises, according to Tamir Passi, director of product with DoControl.
Passi recommends testing a third-party suppliers workflow before providing them access to your data.
Ideally, real employee data should not be used to test a new vendors workflow, Passi explained in a statement. In general, system testing and validation should be done with non-production data sets unless all the necessary and same security and privacy protocols are in place for production as for testing.
Passi cautioned that once data is handed over to a partner, its too late to do anything about its security.
In addition to due diligence and vetting prior to selecting a SaaS vendor, Mika Alto, co-founder and CEO of Hoxhunt, recommends regular audits.
The threat landscape is always changing, so continuous training on security best practices are vital, Alto said in a statement. Employees and security professionals at all levels should be equipped to recognize and respond to potential threats, including those that may arise from third-party sources.
A decade ago
Home Depot experienced a much larger data breach
where customer credit card data related to purchases at stores across the US and Canada was compromised.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Home Depot Hammered by Supply Chain Data Breach