Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
The Home Depot

The Home Depot Vendor Cyber Rating & Cyber Score

homedepot.com

The Home Depot, the world’s largest home improvement specialty retailer, values and rewards dedicated, knowledgeable, and experienced professionals. We operate more than 2,300 retail stores in all 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Guam, Canada, and Mexico. All of our associates have one thing in mind — helping our customers build and improve their homes. Join The Home Depot team today and see for yourself why we are consistently ranked as a top Fortune 500 company.


HD A.I CyberSecurity Scoring

HD
Company Information
Website:http://www.careers.homedepot.com
Employees number:129,302
Number of followers:1,055,969
NAICS:43
Industry Type:Retail
Homepage:homedepot.com
HD Risk Score (AI oriented)
Between 800 and 849
logo
HDRetail
Updated:
28/06/2026
805/1000
Good
A
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
HD Global Score (TPRM)
xxxx
logo
HDRetail
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

HD
HDGood
Current Score
805A (GOOD)
01000
6 incidents
-15 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
806Before Incident
JUNE 2026
805Before Incident
MAY 2026
802Before Incident
APRIL 2026
803Before Incident
MARCH 2026
803Before Incident
FEBRUARY 2026
803Before Incident
JANUARY 2026
803Before Incident
DECEMBER 2025
824Before Incident
Breach
13 Dec 2025HD
The Home Depot: Leaked Home Depot credential exposed internal systems for a year

Home Depot Credential Leak

801After Incident
LOW-23
THE1765591280
Home Depot Ignored Security Researcher’s Warning About Exposed Credential Security researcher Vinny Troia (operating under the alias "Zimmerman") disclosed that Home Depot failed to respond to multiple alerts about a publicly exposed credential, despite his history of reporting similar vulnerabilities to other companies. Troia, who has previously notified organizations about security risks, stated that Home Depot was the only company to ignore his warnings. The exposed credential was removed from public view only after TechCrunch reached out to Home Depot last week. The incident highlights potential gaps in the company’s vulnerability disclosure process, though no details were provided on whether the credential was misused or the extent of its exposure. The case underscores the risks of unaddressed security alerts in enterprise environments.
INCIDENT DETAILS -
TYPE
Data Exposure
IMPACT
Data Compromised: Credential
DATA BREACH
Type Of Data Compromised: Credential
NOVEMBER 2025
824Before Incident
OCTOBER 2025
830Before Incident
Cyber Attack
06 Oct 2025HD
Home Depot

Scattered Lapsus$ Hunters Data Leak Extortion Campaign Targeting Salesforce Customers

823After Incident
CRITICAL-7
THE5692256100625
Home Depot was listed among the 39 victims of the Scattered Lapsus$ Hunters cybercrime group, which breached corporate Salesforce instances via social engineering. The stolen data includes personal and contact information of customers, employees, and partners, with specific risks tied to a dedicated file containing government employees' details—names, email/postal addresses, and phone numbers. This exposure heightens risks of targeted phishing, fraud, and even political violence against individuals. The breach also involves sensitive data like account IDs, dates of birth, passport/Social Security numbers, and purchase histories, which could fuel identity theft or financial fraud. The group threatens to publicly leak the data unless a ransom is paid by October 10, 2025, leveraging pressure through a dark web leak site. Salesforce denies platform compromise but acknowledges extortion attempts linked to past incidents.
INCIDENT DETAILS -
TYPE
Data BreachExtortionSocial Engineering
MOTIVATION
Financial Gain (Extortion)Reputation DamageLegal Pressure on Salesforce
IMPACT
Personal/Contact Information (Customers/Employees/Partners)Account IDsDates of BirthPassport NumbersSocial Security NumbersPurchase HistoriesLive Chat TranscriptsGovernment Employee Records (e.g., Home Depot)Salesforce InstancesOAuth Credentials (Salesloft/Drift)Potential Phishing/Social Engineering RisksLegal LiabilitiesReputational HarmHigh (Public Data Leak Site)Threat of Litigation Against SalesforceCivil/Commercial Litigation Against SalesforcePotential GDPR/CCPA ViolationsIdentity Theft Risk: High
DATA BREACH
Personal InformationContact InformationAccount IDsDates of BirthPassport NumbersSocial Security NumbersPurchase HistoriesLive Chat TranscriptsGovernment Employee RecordsSensitivity Of Data: High (PII, Financial, Government)Data Exfiltration: YesPersonally Identifiable Information: Yes
SEPTEMBER 2025
830Before Incident
AUGUST 2025
830Before Incident
SEPTEMBER 2014
769Before Incident
Breach
01 Sep 2014HD
Home Depot

Home Depot Data Breach

723After Incident
CRITICAL-46
THE500050824
In one of the most significant cybersecurity breaches impacting the retail sector, Home Depot faced a formidable cyber attack between April and September 2014. Using a third-party vendor's login credentials, attackers infiltrated Home Depot’s network, then deployed sophisticated malware designed to infect the retailer’s POS system, aiming to harvest customer payment information. This breach had a massive scope, affecting 52 million customers. It caused considerable financial and reputational damage to the company. Home Depot subsequently agreed to pay $17.5 million to settle claims across the country, linked to this incident. However, this sum was only a part of the overall financial impact on Home Depot, which incurred pretax expenses of $198 million related to the breach, its aftermath, and subsequent litigation by customers, payment card issuers, and financial institutions before reaching the settlement. This event underscores the critical importance of stringent cybersecurity measures and the potential consequences of vulnerabilities within third-party vendor systems.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial gain
IMPACT
Financial Loss: 198 million USDData Compromised: Payment informationSystems Affected: POS systemsBrand Reputation Impact: SignificantLegal Liabilities: 17.5 million USD settlementPayment Information Risk: High
DATA BREACH
Type Of Data Compromised: Payment informationNumber Of Records Exposed: 52 millionSensitivity Of Data: HighData Exfiltration: Yes
JUNE 2014
797Before Incident
Breach
16 Jun 2014HD
Home Depot

Home Depot Data Breach

766After Incident
CRITICAL-31
THE423051424
In 2014, Home Depot experienced a major security breach that compromised over 50 million credit cards. Cybercriminals exploited a third-party vendor’s credentials to access the network and install malware on point-of-sale systems. As customers swiped their credit cards at physical stores, their data was clandestinely captured by the attackers, posing serious privacy and financial risks.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Financial gain
IMPACT
Data Compromised: Credit card informationSystems Affected: Point-of-sale systemsPayment Information Risk: High
DATA BREACH
Type Of Data Compromised: Credit card informationNumber Of Records Exposed: Over 50 millionSensitivity Of Data: HighData Exfiltration: Yes
APRIL 2014
817Before Incident
Breach
01 Apr 2014HD
The Home Depot, Inc.

Home Depot Data Breach

795After Incident
CRITICAL-22
THE527072725
The California Office of the Attorney General reported a data breach involving The Home Depot, Inc. on September 9, 2014. The breach potentially impacted customers using payment cards at Home Depot stores in the U.S. and Canada from April 2014 onward, involving payment card information including names, credit card numbers, and expiration dates. There is no evidence that debit PIN numbers were compromised.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namescredit card numbersexpiration dates
DATA BREACH
payment card informationSensitivity Of Data: High
FEBRUARY 2014
853Before Incident
Breach
10 Feb 2014HD
The Home Depot, Inc.

Data Breach at The Home Depot, Inc.

817After Incident
HIGH-36
THE1011072525
The California Office of the Attorney General reported a data breach incident involving The Home Depot, Inc. on February 10, 2014. The breach relates to unauthorized access by three HR associates to the personal information of current and former associates, potentially including names, contact information, social security numbers, and financial account numbers. However, the exact number of affected individuals and the breach date were not specified.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
NamesContact InformationSocial Security NumbersFinancial Account Numbers
DATA BREACH
Personal InformationFinancial InformationSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for HD ?
?
What was HD's A.I Rankiteo Cyber Score in June 2026 ?
?
What was HD's A.I Rankiteo Cyber Score in May 2026 ?
?
What was HD's A.I Rankiteo Cyber Score in April 2026 ?
?
What was HD's A.I Rankiteo Cyber Score in March 2026 ?
?
What was HD's A.I Rankiteo Cyber Score in February 2026 ?
?
What was HD's A.I Rankiteo Cyber Score in January 2026 ?
?
What was HD's A.I Rankiteo Cyber Score in December 2025 ?
?
What was HD's A.I Rankiteo Cyber Score in November 2025 ?
?
What was HD's A.I Rankiteo Cyber Score in October 2025 ?
?
What was HD's A.I Rankiteo Cyber Score in September 2025 ?
?
What was HD's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on HD's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with HD ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view HD's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?