Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information. Names, physical addresses, email addresses, order details and credit card info were all shared. Home Depot Canada confirmed the issue to online shoppers on Wednesday. The company was quick to respond, although it didn t provide many details. None of the emails contained passwords or un-hashed payment card information. The information is enough to craft convincing phishing and fraud messages, experts say.
Source: https://threatpost.com/home-depot-data-breach-order-confirmation/160728/