Home improvement retailer Lowe's (NYSE:LOW) has sent notifications of a possible data breach that may have compromised the personal information of current and former employees.
The personal information may have been compromised during a 10 month period and was likely the fault of a third-party vendor. In a letter sent to potential victims, Lowe's identified a vendor, E-DriveFile, "that provided a computer system that stores compliance documentation and information related to current and former drivers of Lowe's vehicles as well as information about certain current and former employees who access and administer the system."
Personal information including names, addresses, dates of birth, Social Security numbers, driver's license numbers, sales IDs, and other driving record information may have been compromised when the vendor unintentionally backed up the data to an unsecured computer server that was accessible from the Internet.
After discovering the breach, the vendor blocked access to the unsecured backup server and retained data security experts to conduct an investigation of the incident. That investigation determined that personal information from the backup server may have been accessed between July 2013 and April 2014.
Lowe's told affected parties there was no evidence at this time that any of the information has been misused, and did not offer what is now the standard one-year of free credit report monitoring. Instead, the retailer reminded potential victims of their right to obtain one free credit report per year under U.S. law.
An estimated 35,000 people could be affected, according to CSO.
EBay hit in cyberattack, 112 million user accounts compromised
EMV migration won't save retail
Steinhafel's departure leaves Target looking for redemption
Target: Timeline of a data breach
Target breach: Heating vendor confirmed as hackers' entry point