
It is not clear to me why they would have your name, email address, and mailing information? For example, I recently purchased some items from Home Depot and used my debit card + PIN; other than rolling the PIN, what else should we be doing?

Do you have a Home Depot CC?



A lot of people make online purchases and pick up in store. When you make a return, you have to supply them a driver's license and that goes into the system as well. I'm wondering how much of this information was compromised. They use a third-party company called Retail Equation for tracking returns. This company basically makes a profile / tracks your return patterns.


I don't have a Home Depot CC, but I've used their e-receipts in the last couple of months and I'm reasonably sure that I've ordered online from them in the past.

I certainly hope they didn't compromise the PIN pads in the stores. That could be a Very Bad Thing.


From what I've read so far, this was another case of memory scraping malware[1], most likely running on each POS. The pinpads typically have tamper protection, though I wouldn't completely discount the possibility that we'll see malware at the pinpad level at some point in the future.

[1] http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-ma...


Home Depot likes to collect email addresses for sending receipts (and spam). Along with that, older-style mag stripes will give out the name. Not sure about mailing info or how they'd get that.

The thing to do is to actually get stores to stop storing CC info at all. They should be able to process the payment and then forget the info at all so it never has to be stored so it can't be stolen. EMV is actually a move to force this as they'll no longer be able to get the number, just verify a transaction in theory.


I've made a lot of Home Depot purchases in the last month (yay, new credit cards for me!), and I don't recall ever being asked for an email address either by a cashier or the self-check kiosk. Maybe it's just my local stores don't do it, though.


Just for another point of data, all of my purchases during the timeframe in question were on the Self-Checkout units, and I was given the option for eReceipt, which I took advantage of. What I noticed was that upon returning with the same card, my email address was remembered, which tells me that they must store some information to cross reference (hopefully just name + last 4 or similar). Typing this reminds me that I actually did use both of my cards at Home Depot, because I now remember being prompted again when I had used another card. Guess that means two new cards for me...



