Home Depot says 53 million emails stolen in hack

Home Depot released additional findings in its investigation of the massive data breach it discovered in September, revealing that about 53 million email addresses were stolen in addition to the 56 million credit cards that were affected.

Though the addresses were compromised, the retailer confirmed in a statement on Thursday that no passwords, credit card information or other sensitive information were hacked in connection with the email addresses.

Other new details included the following:

• A third-party vendor's user name and password were used in the initial breach of Home Depot's network.
  
   


• In order to directly access the point-of-sale data, the hackers got hold of "elevated rights" that allowed them to plant custom-built malware into the systems.
  
   

Home Depot is currently in the process of notifying customers in the United States and Canada whose email addresses were stolen. It is also urging consumers to be on alert for phishing scams.

The Home Depot has been investigating the matter for several weeks now with the help of law enforcement and third-party IT security experts.

The company's woes are part of a much larger trend of 644 data breaches recorded so far in 2014, according to a recent report from the Identity Theft Resource Center (ITRC). That's 78.16 million records exposed this year. To put that in context, approximately 670 million records have been exposed in 4,890 data breaches since 2005.

Home Depot also confirmed its previously issued guidance in the same statement, with fiscal 2014 sales growth approximating 4.8% and diluted earnings per share growth guidance of $4.54 -- a 21% increase. This takes into account costs incurred to investigate the data breach, monitor customers' credit and pay for legal fees, though the company said it hasn't yet estimated the extent of the "probable losses."