⛓ Supply Chain
Lowe's Driver Records Breach via SafetyFirst E-Driver File Platform
Incident Details
In a letter to both current and former employees, Scott Purvis, Vice President of Human Resources at Lowe’s, says that personal information might have been compromised after a third-party vendor exposed it to the public. According to the letter, the personal information of current and former drivers for the company, including names, addresses, birthdays, Social Security numbers, driver’s license numbers, and other driving record information, was exposed during the incident.
Black Kite timeline context: Data breached: Unknown. Use of third party: Unknown. Third-party company: Third-party vendor.
Technical Details
- Initial Attack Vector: SafetyFirst's E-Driver File online database system, used by Lowe's to store driver qualification records for commercial vehicle operators, had a configuration error or vulnerability that exposed driver records to unauthorized access
- Vendor / Product: SafetyFirst E-Driver File (driver management platform)
- Supply Chain Attack: ✅ Confirmed third-party / vendor compromise
Timeline
- 2014-07-01 Breach occurred
- 2014-05-22 Publicly disclosed