by: Rachel Stockman Updated:ATLANTA —
The U.S. Secret Service is investigating a security breach at Atlanta-based Home Depot’s corporate headquarters. According to a criminal complaint, three human resources employees were arrested after accessing employees’ confidential information and opening fraudulent credit cards.
“Our corporate security, IT security and legal teams quickly investigated the matter and notified law enforcement, and the three associates were subsequently arrested,” said Stephen Holmes, the Director of Corporate Communications at Home Depot. No customer information was compromised.
Employees Lakisha Grimes, and Paulette Shorter were all arrested on fraud charges and released on bond. A third person arrested later had those charges dismissed.
“That is everything you need right there: Social Security number, date of birth, you’ve got it,” said Brent Brown, the CEO of Chesley Brown Companies. His company does corporate security, and he says this type of crime is on the uptick
“They are doing it in such a way that sometimes the breach goes unnoticed for days, months, maybe even longer, that is the scary part,” said Brown.
According to the criminal complaint, Home Depot Corporate Security alerted the U.S. Secret Service to the crime after discovering that one of the women sent an email from her Home Depot account containing an attachment which contained more than 300 Home Depot employees’ identifying information, including Social Security numbers and birthdates.
Home Depot has notified the affected employees and is offering free credit monitoring.
“Out of an abundance of caution and looking at the universe of those whose information might have been exposed – which we believe is between 10 and 20 thousand – we’ll notify others as needed,” said Holmes, the spokesperson for Home Depot.
Home Depot’s Full statement:
This was an isolated incident involving three rogue HR associates who had authorized access to personal information to perform their jobs. They were in a position of trust, which they abused and they are no longer with the company.
They did not have access to customer information.
Our corporate security, IT security and legal teams quickly investigated the matter and notified law enforcement, and the three associates were subsequently arrested.
We have notified and provided free credit monitoring to the approximately 300 current and former associates and a few hiring candidates referenced in the complaint. Out of an abundance of caution and looking at the universe of those whose information might have been exposed – which we believe is between 10 and 20 thousand – we’ll notify others as needed.
The security of anyone’s personal information is something we take extremely seriously, and we move aggressively to investigate and act on any questionable activity, no matter how large or small an incident might be. That’s what we did in this case, and will continue to do moving forward.