Home Depot has confirmed that it suffered a data breach after one of its Software-as-a-Service (SaaS) vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks, reports Bleeping Computer. Last Thursday, a threat actor known as IntelBroker leaked limited data for approximately 10,000 Home Depot employees on a hacking forum. “A third-party SaaS vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and user IDs during testing of its systems,” Home Depot told BleepingComputer.
IntelBroker is a well-known threat actor who first gained notoriety by breaching DC Health Link, an organization that administers the healthcare plans of U.S. House members, their staff, and their families. Data for 170,000 affected individuals, including members and staff of the U.S. House of Representatives, was leaked. Other cybersecurity incidents linked to IntelBroker are the breaches of PandaBuy, Acuity, Hewlett Packard Enterprise (HPE) and the Weee! grocery service, as well as an alleged breach of General Electric Aviation.
Total Retail’s Take: Home Depot employees will need to take extra precautions following this leak of their work data. Hackers could use names and email addresses in phishing attacks to trick employees into clicking an email link or responding to an email with more sensitive data. More concerning from the organization’s perspective is how this data came to be leaked through a trusted third-party vendor. So what can be done?
In an email to Total Retail, Colin Little, security engineer at Centripetal, commented on the importance of collaboration on cybersecurity between enterprises and third parties. “If there’s a risk of public exposure of data, sharing of knowledge and experience with tooling or collaboratively exploring new tooling to secure that perimeter may facilitate building solutions with security in mind, provide the enterprise with more visibility and assurance, as well as ultimately prevent this type of incident.”
Conventional third-party controls for SaaS solutions are insufficient to meet the significant growth in SaaS usage at enterprise scale, according to Jim Routh, chief trust officer at Saviynt. “You’re only as secure as your weakest link, and that link is increasingly third-party providers,” added Jeff Margolies, Saviynt’s chief product and strategy officer. “Enterprises need to extend their identity security perimeter by better managing third-party access to sensitive data.”
View Original Article