Home Depot (HD) was emailing customers on Wednesday to notify them their email address could be among those stolen by thieves who also took payment data from the home improvement retailer.
Home Depot last week disclosed that 53 million consumers' email addresses had been taken in the theft. The file that contained the email addresses, the company said, did not contain financial or other personal information. Notifications apparently started this week.
The primary risk to those whose emails were stolen is becoming the target of phishing attacks. That involves getting emails that are intended to dupe consumers into giving up more personal information, typically under the guise of helping them. Crooks will try to extract passwords, financial and personal information to give them enough opportunity to either commit identity theft or fraud.
The more information a crook running a phishing operation has, the more personalized (and potentially believable) the come-on can be. So, the best defense is to not click on links in emails or respond with personal information, even if it appears the email is from a company you do business with.
You can see some examples of phishing emails on the federal government site OnGuardOnline.gov as well as other cautions. If you identify a phishing email, the site recommends reporting it by email to the government's spam complaint center, firstname.lastname@example.org, as well as to the company the email claims to be from.
Here's the text of the email Home Depot is sending out:
Dear Valued Customer,
The Home Depot has discovered that a file containing your email address may have been taken during the payment card breach we announced in September. The file contained email addresses, but it did not contain passwords, payment card information, or other sensitive personal information. We apologize for this incident and for the inconvenience and frustration this may cause you.
In all likelihood this event will not impact you, but we recommend that you be on the alert for phony emails requesting personal or sensitive information. If you have any questions or would like additional information on how to protect yourself from email scams, please visit our website or call 1-800-HOMEDEPOT.
Again, we apologize for the frustration and inconvenience this incident may have caused. Thank you for your continued support.
The Home Depot