HomeDepot 2025 Data Breach

Home Depot Home Improvement Retailer Breach (Salesforce, 2025): 10.5 Million Customer Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersRetailEmail AddressPhone NumberPhysical Address
Moderate SeverityWebsite / service breach

Home Depot Home Improvement Retailer Breach (Salesforce, 2025): 10.5 Million Customer Contact Records Exposed

Home improvement retail company.

Verified by ObscureIQ Intelligence
44/100Breach Risk Index
10Data Value
40Market Recency
206dSince Breach

Breach Intelligence Summary

Entity: HomeDepot · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Home improvement retail · Hardware and building supply chain · USA / Global
Timeline: Breach (2025-10-10) · Indexed (Oct 03, 2025) · Year (2025)
Exposure: 10.5M records · 3 fields: Email Address, Phone Number, Physical Address
Status: Reported

Executive Summary

Home Depot, the largest home improvement retailer in the United States, was caught up in a supply chain breach affecting its Salesforce platform in 2025. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and released a sample of the stolen data on October 3, 2025, with the full dataset reportedly scheduled for release on October 10. Home Depot was one of approximately 39 organizations listed on the group's dark web leak site. The incident exposed records belonging to roughly 10.5 million customers. The exposed data includes names, email addresses, phone numbers, and full home addresses including city, state, postal code, and country. For ordinary customers, this combination signals likely homeownership and ongoing property activity, details that make targeted scams more convincing. A subset of the records was dedicated to government employees, including federal, state, and county workers. Those records appear to contain personal home addresses rather than work addresses, exposing the physical locations of individuals whose government affiliation is also visible in the data. That combination creates heightened risk for identity fraud, phishing, and physical targeting. Home Depot has not made detailed public statements about its specific response to this campaign. No regulatory actions or breach notifications have been publicly confirmed as of the time of this writing. Affected individuals, particularly government workers whose home addresses were included, should be alert to contractor-themed phishing attempts, delivery impersonation scams, and unsolicited contact that references their address or home improvement activity.

ObscureIQ assessment: Exposure enables phishing, payment fraud, delivery impersonation, and household targeting. Purchase history can also reveal renovation activity and improve contractor-themed scams.

Breach Impact

Home Depot was among the approximately 39 organizations listed on the Scattered LAPSUS$ Hunters dark web leak site in October 2025. Security researchers noted the Home Depot dataset was particularly sensitive because it contained a file segment dedicated to government employees, including names, email addresses, postal addresses, and phone numbers. Some records appeared to include personal home addresses rather than work addresses, creating targeted risk for federal, state, and county workers whose identities and locations were exposed alongside their government affiliation. Home Depot has not made detailed public statements about its specific response to this campaign.

About HomeDepot

Home Depot is the largest home improvement retailer in the United States, operating more than 2,300 stores across North America alongside a major e-commerce platform. The company is publicly traded on the NYSE and headquartered in Atlanta. It serves both consumer and professional contractor customers with products spanning building materials, tools, appliances, garden supplies, and home finishing goods.

Why They Hold Your Data

Home improvement retailers collect customer identity, contact details, addresses, payment-adjacent data, order history, loyalty records, and contractor-linked transactions across retail systems.

Recent Developments

Home Depot has focused on its professional customer segment as a key growth driver, investing in supply chain improvements and digital tools for contractors and trade professionals. The company acquired SRS Distribution, a specialty distributor serving roofing and landscaping trades, in 2024 for approximately $18.25 billion — its largest acquisition. Leadership has maintained focus on the Pro and online segments to offset softer consumer DIY demand.

Data Points Exposed

3 verified field types
Email Address
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the HomeDepot breach?

Home Depot, the largest home improvement retailer in the United States, was caught up in a supply chain breach affecting its Salesforce platform in 2025. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and released a sample of the stolen data on October 3, 2025,…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation