Lowe’s employee info accessible online for about 10 months | SC Media
Breach

Lowe’s employee info accessible online for about 10 months

May 20, 2014

About 35,000 current and former employees of home improvement retailer Lowe's are being notified that their personal information – including Social Security numbers – was inadvertently made accessible via the internet for roughly 10 months by SafetyFirst, a third-party vendor that maintains the data.

How many victims? 35,000, according to reports

What type of personal information? Names, addresses, dates of birth, Social Security numbers, driver's license numbers, Sales IDs and other driving record information.

What happened? Data stored in the E-DriverFile – a SafetyFirst record-keeping platform used to manage drivers and vehicle fleets – was inadvertently backed up to an unsecured computer and was accessible via the internet.

What was the response? Upon learning of the issue, SafetyFirst blocked access to the data and begun an investigation with data security experts. All impacted individuals are being notified and offered a free year of credit protection services.

Details: The information was accessible from July 2013 to April. The E-DriverFile stores compliance documentation and information related to current and former drivers of Lowe's vehicles, and information related to current and former system administrators.

Quote: “At this time, we have no evidence that any of the information has been misused,” Scott Purvis, vice president of human resources with Lowe's, wrote in the notification letter.

Source: oag.ca.gov, “Notice Letter,” May 19, 2014.

prestitial ad