From May 7, 2014 until May 21, 2014, the employee, who was authorized to have access to computer systems, leveraged that access to obtain credit card information from Home Depot tool rental transactions.
For less than 500 cards, the employee provided the following stolen information to third parties: name, address, phone number, birthdate, card brand, card account number, and card expiration date.
The employee also accessed the same information for an additional 30,000 accounts, though that information doesn’t appear to have been provided to third parties.
“The associate did not hack our systems, rather, he took advantage of access that was required by his job responsibilities,” senior corporate counsel Stacey Keegan wrote in the notification letter [PDF]. “His access to our systems has been terminated and his electronic devices have been seized by law enforcement.”
All those affected are being offered one free year of identity protection services from AllClear ID.
In February of 2014, three Home Depot human resources employees were arrested for allegedly accessing employees’ information and using it to apply for fraudulent credit cards.