Home Depot on April 8 confirmed to SC Media that a third-party software-as-a-service vendor had made public some employee data and that they had, in effect, been breached.
A report in BleepingComputer said that while the leaked data was not sensitive and included only the corporate IDs, names, and email addresses of the Home Depot associates, threat actors could use the data to conduct targeted phishing attacks on the employees.
The news followed a report on April 4 in which the threat actor IntelBroker said it leaked the data of about 10,000 employees on a hacking forum.
IntelBroker is best known for last year's breach of DC Health Link, the group that manages the healthcare plans of U.S. House members and their staffs.
The Home Depot data breach highlights the importance of companies implementing third-party risk management, said Craig Harber, chief evangelist at Open Systems.
Harber said companies must implement consistent security standards across their entire business ecosystem to help mitigate cyberattacks originating through partner and supplier systems.
Misconfigurations are a magnet for hackers, who now use AI to find and exploit vulnerabilities with incredible efficiency, said Mika Aalto, co-founder and CEO at Hoxhunt.
Aalto said it's vital for the good guys to use emerging technical capabilities as well, to automatically find and patch the cracks in our defenses before the bad guys do.
Jason Keirstead, vice president of collective threat defense at Cyware, added that the Home Depot breach underscores a critical issue for the cybersecurity community: the importance of supply chain security and a program that allows for collective defense.
This Cyber News was published on packetstormsecurity.com. Publication date: Tue, 09 Apr 2024 15:28:05 +0000