Lowe’s Warns Of Cloud-related Data Compromise

Grazed from InfoSecurity. Author: Editorial Staff.

In an oddly ironic endorsement of its “do it yourself” ethos, home improvement giant Lowe’s is notifying customers of a potential data compromise brought about via a third-party software vendor. Lowe’s had hired the vendor to provide a computer platform that stores compliance documentation and information about employees. Specifically, current and former drivers of Lowe’s vehicles could be affected, as well as current and former employees who access and administer the system.

The personal data in the system, which is called E-DriverFile, includes a raft of hot information, including names, addresses, dates of birth, Social Security numbers and driver’s license numbers, sales IDs and other driving record information. In short, it’s essentially an identity fraud in-a-box kit…

"The breadth of data that was accessible about these individuals is troubling… [it] gives cyber-criminals everything they need to wreak havoc with a victim’s identity and finances,” said Paul Lipman, CEO at iSheriff, in a note to Infosecurity. “It’s literally turning over the keys to the kingdom. Anyone affected by this compromise should immediately take Lowe’s up on their offer of free credit monitoring, and check their current credit reports for signs of recent suspicious activity. In addition, very careful attention should be paid to banking and credit card transactions.”…

Read more from the source @ http://www.infosecurity-magazine.com/view/38569/lowes-warns-of-cloudrelated-data-compromise/