Lowe's Acknowledges Third Party Data Breach


Lowe's recently began notifying an undisclosed number of current and former employees that their personal information may have been disclosed when a third-party vendor mistakenly backed up Lowe's employee data to an unsecured server.

The vendor, SafetyFirst, manages an online database called E-DriverFile, which stores compliance information related to current and former drivers of Lowe's vehicles, as well as information about current and former employees who administer the system.

The data stored in E-DriverFile includes names, addresses, birthdates, Social Security numbers, driver's license numbers, sales IDs, and other driving record information.

"Promptly after learning of the potential issue, SafetyFirst blocked access to the unsecured backup server and retained data security experts to conduct an investigation of the incident," Lowe's vice president of human resources Scott Purvis wrote in the notification letter [PDF]. "That investigation determined that personal information from the backup server may have been accessed between July 2013 and April 2014."

All those whose Social Security numbers and/or driver's license numbers may have been exposed are being offered one free year of credit protection services from AllClear ID.