Lowe’s Acknowledges Third Party Data Breach

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Lowe’s recently began notifying an undisclosed number of current and former employees that their personal information may have been disclosed when a third-party vendor mistakenly backed up Lowe’s employee data to an unsecured server.

The vendor, SafetyFirst, manages an online database called E-DriverFile, which stores compliance information related to current and former drivers of Lowe’s vehicles, as well as information about current and former employees who administer the system.

The data stored in E-DriverFile includes names, addresses, birthdates, Social Security numbers, driver’s license numbers, sales IDs, and other driving record information.

“Promptly after learning of the potential issue, SafetyFirst blocked access to the unsecured backup server and retained data security experts to conduct an investigation of the incident,” Lowe’s vice president of human resources Scott Purvis wrote in the notification letter [PDF]. “That investigation determined that personal information from the backup server may have been accessed between July 2013 and April 2014.”

All those whose Social Security numbers and/or driver’s license numbers may have been exposed are being offered one free year of credit protection services from AllClear ID.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Jeff Goldman Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis