Hackers used passwords stolen from a third-party vendor to infiltrate Home Depotâ€™s network, according to a press release. With high-level permissions, the hacker navigated portions of the network, found a vulnerability and planted custom-built malware on self-checkout systems in the US and Canada.
The stolen data is comprised of â€œpartially publicâ€ email addresses.
â€œThese files did not contain passwords, payment card information or other sensitive personal information,â€ Home Depot said.
The malware was designed to escape antivirus detection systems, the investigation revealed. As a result of the breach, the company has taken several extra security measures including enhanced encryption of the payment information collected in its US stores to avoid data scraping. The implementation in Canadian stores will be complete by early 2015, it added.
The retailer also embraced EMV technology, which is recognized to come with stronger security features than magnetic cards.