At least 53 million customers' email addresses have been stolen by hackers from Home Depot, several reports said.
This came after the company's earlier announcement that at least 56 million payment cards have been stolen from the "world's largest home improvement chain," Reuters said.
The hacking incident was confirmed by Home Depot last September. A BBC News report said that the hacking took place between April and September. They have already traced how the hackers accessed its network. It noted that the hackers used the username and password of a third-party vendor.
"Criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network. These stolen credentials alone did not provide direct access to the company's point-of-sale devices," Home Depot said in a statement issued November 6.
"The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada," it added.
But the company said that customers do not have to worry so much as the hacked files "did not contain passwords, payment card information or other sensitive personal information."
The statement was just a way of "notifying affected customers" in the United States and Canada. However, Home Depot warned its customers to be alert against phishing scams that may trick them and convince them to share personal information.
According to BBC News, analysts have already considered this hacking incident as "one of the largest breaches on record" even greater than that of Target's previous breach incident. The company also said that the breach would cost them roughly $62 million, as reported by Reuters.
To allay fears, Home Depot reiterated that the malware that was used in the attack has already been eliminated from their systems. It also claimed that they continue to investigate and to coordinate with law enforcement to improve security measures.
The statement also revealed that the company has already been implementing "an enhanced encryption of payment data in all U.S. stores." With the use of this new security protection, payment card data are being locked down, making it useless and impossible for hackers to read. Voltage Security, Inc. is the provider of Home Depot's encryption technology. It has also been tested and validated by two independent IT security firms, it added.
The encryption technology was only used recently and has been completed in all US stores this September. The implementation of the encryption technology in all Canadian stores is still ongoing and is expected to be finished by early next year.
The company has also been using EMV chip-and-PIN technology to make payment cards even more protected, it claimed. This Chip-and-PIN Technology has already been rolled out in Canadian stores as early as 2011. As for US stores, the technology has already been launched and is expected to be completed earlier than expected.