The Home Depot Company CyberSecurity Posture

homedepot.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

The Home Depot, the world’s largest home improvement specialty retailer, values and rewards dedicated, knowledgeable, and experienced professionals. We operate more than 2,300 retail stores in all 50 states, the District of Columbia, Puerto Rico, the U.S. Virgin Islands, Guam, Canada, and Mexico. All of our associates have one thing in mind — helping our customers build and improve their homes. Join The Home Depot team today and see for yourself why we are consistently ranked as a top Fortune 500 company.

The Home Depot A.I CyberSecurity Scoring

HD

Company Details

Linkedin ID:

the-home-depot

Website:

http://www.careers.homedepot.com

Employees number:

125,004

Number of followers:

1,033,148

NAICS:

43

Industry Type:

Retail

Homepage:

homedepot.com

IP Addresses:

62

Company ID:

THE_3252455

Scan Status:

In-progress

AI scoreHD Risk Score (AI oriented)

Between 800 and 849

https://images.rankiteo.com/companyimages/the-home-depot.jpeg
HD Retail
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreHD Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/the-home-depot.jpeg
HD Retail
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

The Home Depot

Good
Current Score
801
A (Good)
01000
6 incidents
-15.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
824
Breach
13 Dec 2025 • The Home Depot: Leaked Home Depot credential exposed internal systems for a year
Home Depot Credential Leak

**Home Depot Ignored Security Researcher’s Warning About Exposed Credential** Security researcher **Vinny Troia (operating under the alias "Zimmerman")** disclosed that **Home Depot failed to respond** to multiple alerts about a **publicly exposed credential**, despite his history of reporting similar vulnerabilities to other companies. Troia, who has previously notified organizations about security risks, stated that Home Depot was the only company to ignore his warnings. The exposed credential was **removed from public view** only after **TechCrunch reached out to Home Depot** last week. The incident highlights potential gaps in the company’s vulnerability disclosure process, though no details were provided on whether the credential was misused or the extent of its exposure. The case underscores the risks of unaddressed security alerts in enterprise environments.

801
low -23
THE1765591280
Incident Details -
Type
Data Exposure
Attack Vector
Publicly Exposed Credential
Impact
Data Compromised: Credential
Response
Containment Measures: Credential removed from public view
Data Breach
Type Of Data Compromised: Credential
References
Blog URL Source URL
NOVEMBER 2025
824
OCTOBER 2025
830
Cyber Attack
06 Oct 2025 • Home Depot
Scattered Lapsus$ Hunters Data Leak Extortion Campaign Targeting Salesforce Customers

Home Depot was listed among the 39 victims of the **Scattered Lapsus$ Hunters** cybercrime group, which breached corporate Salesforce instances via social engineering. The stolen data includes **personal and contact information of customers, employees, and partners**, with specific risks tied to a dedicated file containing **government employees' details**—names, email/postal addresses, and phone numbers. This exposure heightens risks of **targeted phishing, fraud, and even political violence** against individuals. The breach also involves sensitive data like **account IDs, dates of birth, passport/Social Security numbers, and purchase histories**, which could fuel identity theft or financial fraud. The group threatens to **publicly leak the data** unless a ransom is paid by **October 10, 2025**, leveraging pressure through a dark web leak site. Salesforce denies platform compromise but acknowledges extortion attempts linked to past incidents.

823
critical -7
THE5692256100625
Incident Details -
Type
Data Breach Extortion Social Engineering
Attack Vector
Social Engineering Compromised Salesforce Instances OAuth Credential Theft (Salesloft/Drift)
Vulnerability Exploited
Human Error (Social Engineering) Potential Salesforce Misconfigurations
Motivation
Financial Gain (Extortion) Reputation Damage Legal Pressure on Salesforce
Impact
Personal/Contact Information (Customers/Employees/Partners) Account IDs Dates of Birth Passport Numbers Social Security Numbers Purchase Histories Live Chat Transcripts Government Employee Records (e.g., Home Depot) Salesforce Instances OAuth Credentials (Salesloft/Drift) Potential Phishing/Social Engineering Risks Legal Liabilities Reputational Harm High (Public Data Leak Site) Threat of Litigation Against Salesforce Civil/Commercial Litigation Against Salesforce Potential GDPR/CCPA Violations Identity Theft Risk: High
Response
Incident Response Plan Activated: Yes (Salesforce) External Experts Authorities Law Enforcement Notified: Yes (Salesforce) Security Advisory Issued Customer Vigilance Advisories Public Advisory Help Portal Support
Data Breach
Personal Information Contact Information Account IDs Dates of Birth Passport Numbers Social Security Numbers Purchase Histories Live Chat Transcripts Government Employee Records Sensitivity Of Data: High (PII, Financial, Government) Data Exfiltration: Yes Personally Identifiable Information: Yes
Regulatory Compliance
Potential GDPR CCPA Sector-Specific Data Protection Laws Threatened Civil/Commercial Litigation Against Salesforce
Recommendations
Enhance Social Engineering Training Implement Multi-Factor Authentication (MFA) for Salesforce Monitor Dark Web for Stolen Credentials Review OAuth Integrations (e.g., Salesloft/Drift) Proactive Threat Hunting for Compromised Accounts
Investigation Status
Ongoing (Salesforce denies platform compromise; external experts involved)
Customer Advisories
Public Security Advisory Issued
Stakeholder Advisories
Salesforce Help Portal Support Vigilance Against Phishing
Initial Access Broker
Social Engineering (Salesforce) OAuth Credential Theft (Salesloft/Drift) Salesforce Customer Databases PII-Rich Records Data Sold On Dark Web: Yes (Sample Data Published)
Post Incident Analysis
Social Engineering Vulnerabilities Potential Salesforce Misconfigurations OAuth Security Gaps
References
Blog URL Source URL
SEPTEMBER 2025
830
AUGUST 2025
830
JULY 2025
830
JUNE 2025
830
MAY 2025
830
APRIL 2025
830
MARCH 2025
829
FEBRUARY 2025
829
JANUARY 2025
829
SEPTEMBER 2014
769
Breach
01 Sep 2014 • Home Depot
Home Depot Data Breach

In one of the most significant cybersecurity breaches impacting the retail sector, Home Depot faced a formidable cyber attack between April and September 2014. Using a third-party vendor's login credentials, attackers infiltrated Home Depot’s network, then deployed sophisticated malware designed to infect the retailer’s POS system, aiming to harvest customer payment information. This breach had a massive scope, affecting 52 million customers. It caused considerable financial and reputational damage to the company. Home Depot subsequently agreed to pay $17.5 million to settle claims across the country, linked to this incident. However, this sum was only a part of the overall financial impact on Home Depot, which incurred pretax expenses of $198 million related to the breach, its aftermath, and subsequent litigation by customers, payment card issuers, and financial institutions before reaching the settlement. This event underscores the critical importance of stringent cybersecurity measures and the potential consequences of vulnerabilities within third-party vendor systems.

723
critical -46
THE500050824
Incident Details -
Type
Data Breach
Attack Vector
Third-party vendor's login credentials
Vulnerability Exploited
Weak vendor credentials
Motivation
Financial gain
Impact
Financial Loss: 198 million USD Data Compromised: Payment information Systems Affected: POS systems Brand Reputation Impact: Significant Legal Liabilities: 17.5 million USD settlement Payment Information Risk: High
Data Breach
Type Of Data Compromised: Payment information Number Of Records Exposed: 52 million Sensitivity Of Data: High Data Exfiltration: Yes
Lessons Learned
The critical importance of stringent cybersecurity measures and the potential consequences of vulnerabilities within third-party vendor systems.
Initial Access Broker
Entry Point: Third-party vendor's login credentials
Post Incident Analysis
Root Causes: Weak vendor credentials leading to malware deployment on POS systems
References
Blog URL Source URL
JUNE 2014
797
Breach
16 Jun 2014 • Home Depot
Home Depot Data Breach

In 2014, Home Depot experienced a major security breach that compromised over 50 million credit cards. Cybercriminals exploited a third-party vendor’s credentials to access the network and install malware on point-of-sale systems. As customers swiped their credit cards at physical stores, their data was clandestinely captured by the attackers, posing serious privacy and financial risks.

766
critical -31
THE423051424
Incident Details -
Type
Data Breach
Attack Vector
Third-party vendor credentials exploitation
Vulnerability Exploited
Credentials exploitation
Motivation
Financial gain
Impact
Data Compromised: Credit card information Systems Affected: Point-of-sale systems Payment Information Risk: High
Data Breach
Type Of Data Compromised: Credit card information Number Of Records Exposed: Over 50 million Sensitivity Of Data: High Data Exfiltration: Yes
Initial Access Broker
Entry Point: Third-party vendor credentials
References
Blog URL Source URL
APRIL 2014
817
Breach
01 Apr 2014 • The Home Depot, Inc.
Home Depot Data Breach

The California Office of the Attorney General reported a data breach involving The Home Depot, Inc. on September 9, 2014. The breach potentially impacted customers using payment cards at Home Depot stores in the U.S. and Canada from April 2014 onward, involving payment card information including names, credit card numbers, and expiration dates. There is no evidence that debit PIN numbers were compromised.

795
critical -22
THE527072725
Incident Details -
Type
Data Breach
Impact
names credit card numbers expiration dates
Data Breach
payment card information Sensitivity Of Data: High
References
Blog URL Source URL
FEBRUARY 2014
853
Breach
10 Feb 2014 • The Home Depot, Inc.
Data Breach at The Home Depot, Inc.

The California Office of the Attorney General reported a data breach incident involving The Home Depot, Inc. on February 10, 2014. The breach relates to unauthorized access by three HR associates to the personal information of current and former associates, potentially including names, contact information, social security numbers, and financial account numbers. However, the exact number of affected individuals and the breach date were not specified.

817
high -36
THE1011072525
Incident Details -
Type
Data Breach
Attack Vector
Unauthorized Access
Vulnerability Exploited
Internal Access Controls
Impact
Names Contact Information Social Security Numbers Financial Account Numbers
Data Breach
Personal Information Financial Information Sensitivity Of Data: High
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for The Home Depot is 801, which corresponds to a Good rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 824.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 830.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 830.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 830.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 830.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 830.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 830.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 830.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 829.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 829.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 829.

Over the past 12 months, the average per-incident point impact on The Home Depot’s A.I Rankiteo Cyber Score has been -15.0 points.

You can access The Home Depot’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/the-home-depot.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view The Home Depot’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/the-home-depot.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.