Reuters reports:
Home Depot Inc, the world’s largest home improvement chain, said about 53 million more email addresses were taken during a recent breach of its payment data systems.
[…]
Home Depot said the stolen files that contained the additional email addresses did not include passwords, payment card information or other sensitive personal information.
Criminals used a third-party vendor’s user name and password to enter the perimeter of its network, Home Depot said in a statement.
Read more on Reuters. In a statement on their website, Home Depot writes:
We are making every effort to notify any customer whose email address was taken.In all likelihood this will not impact you. But, as always, it’s important to be on guard against phishing scams that are designed to trick you to provide personal information in response to phony emails. It is important not to give out personal information on the phone, through the mail or on the Internet, unless you have initiated the contact and are sure of who you’re dealing with. Similarly, you should not click directly on any email links if you have any doubts about whether the email comes from a legitimate source.
Retailers are calling on Congress to take action to prevent hackers from stealing data, arguing lawmakers should pass legislation that imposes a uniform, federal standard for rules regarding breaches.
The coalition of groups calling for action includes national and state retail associations as well as hotels, grocery stores and petroleum sellers.
“Congress should act to standardize reasonable, timely notification of sensitive data breaches whenever and wherever they occur,” the letter said.
Read more on The Hill.