The home improvement giant Home Depot revealed on Thursday that hackers stole 53m email addresses, in addition to obtaining payment card data during a five-month data breach earlier this year.
The hackers entered Home Depot’s network using a vendor’s user name and password, the world’s largest DIY home retailer said in a statement on Thursday.
In September, the Atlanta-based company admitted that 56m credit and debit card numbers were compromised over a five-month period in one of the worst breaches of customer data ever recorded.
The new disclosures are the result of a weeks-long investigation into the attack by the company and law enforcement officials.
Home Depot said the stolen the stolen files with customers’ email addresses did not contain passwords, payment card information or other sensitive personal information, but said customers in the US and Canada should be wary of phishing scams. The company is notifying affected customers.
It said hackers stole information through malware installed on self-checkout systems in the US and Canada.
“The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the US and Canada,” the statement said.
Home Depot said its working with cyber security experts to improve protections against future hacks.
The Home Depot data breach is the latest in a series of other large-scale breaches on US firms including Target and JP Morgan.
The Target hacking compromised 40m cards, and JP Morgan breach went on for several months without the bank’s knowledge.
Target’s breach forced banks, retailers and card companies to increase security by speeding the adoption of microchips in US credit and debit cards, which supporters say are more secure. Home Depot reiterated on Thursday that it will be activating chip-enabled checkout terminals at all of its US stores by the end of the year.
The breach, which lasted from April to September, affects the company’s finances. Home Depot’s outlook for its fiscal 2014 year includes estimates for the cost to investigate the data breach, providing credit monitoring services to its customers, increasing call center staffing and pay for legal and professional services.
The profit outlook does not not include any potential losses related to the breach, however.
Home Depot is expected to announce third-quarter results on 18 November On Thursday it confirmed its sales growth estimate for the year and said it still expects annual profit of $4.54 per share.
The company’s stock rose 5 cents to $97.34 in extended trading Thursday. Shares have gained 18% in 2014.
The Associated Press contributed to this report
This article was written by Lauren Gambino in New York, for theguardian.com on Thursday 6th November 2014 23.46 Europe/Londonguardian.co.uk © Guardian News and Media Limited 2010