Home Depot sends hundreds of emails to wrong customers

A Home Depot store in Etobicoke, Ontario, outside Toronto.
(Image credit: Niloo/Shutterstock)

Eh sorry! Home Depot Canada is red-faced after sending out hundreds of order-pickup notifications to the wrong people.

"Hey um... I'm pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada," tweeted Spencer Monckton, a graduate student in Toronto, yesterday (Oct. 28). "There are 660+ emails. Something has gone wrong." (This story was first reported by Bleeping Computer.)

See more

"This is a VERY serious data breach that has affected at least 900 consumers, not just in-store pick-up," tweeted Bethany Frances of the London, Ontario area. "My ONLINE ORDER was sent to 300 people, and I received the ONLINE ORDERS of 43 others. Names, home addresses, order info and credit card info was all shared :("

See more

That's all accurate, except for the bit about the credit-card information -- only the last four digits of card numbers were included in the emails, according to Bleeping Computer. Many of the emails contained the address of the Home Depot store where the order was to be picked up, but some had the customer's home address as well.

Affected Home Depot Canada customers are not facing much extra risk as a result of these emails. Crooks can't do much with only four credit-card digits. It's possible, but unlikely, that some of the recipients of this email flood might forward them to spammers who could harvest the email addresses.

Still, this is pretty embarrassing for Home Depot, and its Canadian division quickly created a boilerplate explanation, if not quite an apology, for everyone who tweeted at it complaining of the email messages.

"Thank you for reaching out to us. We are aware of what occurred this morning and can confirm that this issue has now been fixed," multiple identical Home Depot Canada tweet replies said. "This issue impacted a very small number of our customers who had in-store pick-up orders. Please DM us with any additional questions."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

  • mejustsayin
    home depot has a history of messing up their emails. I remember a couple of years ago, I made a payment of 100 bucks then almost immediately gotten several emails about payments being processed for 10,000 bucks. Fortunately it was just a bug because I would still be sitting in jail if those payments tried to process through my bank. when I called them they said I was not the only one.