Home Depot, a US home improvement and construction retailer, has fired and is prosecuting an employee who accessed sensitive customer information.
The employee compromised 30,000 customer accounts for two weeks from May 7 to May 21, and leaked 500 of these accounts to third parties. Names, addresses, dates of birth and payment card numbers were shared.
Home Depot subsequently fired the employee and launched a prosecution. In addition, the company has stated that all access controls are being reviewed, and any potential entry points for malicious parties.
The breach specifically impacted transactions in the tool rental area of a number of Home Depot stores.
A release from the company detailed the action Home Depot took, and the plan moving forward. Credit monitoring services are being offered to impacted individuals.
"The employee did not hack our systems; was quickly terminated, and his electronic devices have been seized by law enforcement," Stuart Altman, partner at Hogan Lovells, said in the release.
This type of internal breach can be dangerous, as staff are often familiar with systems and the associated vulnerabilities. A detailed security audit can identify any flaws in a security network, and employees carrying out malicious activity.