- The first reports of the data breach appeared on Twitter on Oct. 28 as customers said they received reminder emails by mistake for hundreds of orders that were ready to pick up. The emails included customer names, email addresses, order numbers and the last four digits of customer payment cards.
- Customers must be warned that the following scenario could play out:
- “After this event, any attacker with that information on orders in process or ready can just call or send a look-alike email and say ‘Sorry about this data breach, let us offer you this $50 gift card – please click here to receive it.’
- “And then, a smart attacker would send a follow-up email or a text to each consumer whose data was leaked, saying ‘we’re sorry – please check your email, we’ve just sent you a gift card as a valuable customer. You can also access your gift card by clicking here.” Or they could pretend to call from HD Customer Service to collect the complete credit card information.”
– Duncan Riley | November 1, 2020
