In a business-computing atmosphere rife with cybercriminals, even the slightest slip-up in enterprise security can result in a malicious attack. A recent breach at popular home improvement store Lowe’s suggests the ease with which an intruder can gain access to a company system, even one that’s ostensibly well-guarded.
Lowe’s Attack Leads to Employee Information Being Exposed
According to eSecurity Planet, the breach happened because a third-party vendor associated with the store inadvertently placed data with Lowe’s employee information on a vulnerable server.
Because of that vendor’s mistake, Lowe’s was placed in a situation where employee data — including Social Security numbers and driver’s license data — was made vulnerable to potential exposure.
According to a letter from Lowe’s senior counselor for privacy, Travis Todd, to affected parties, the breach happened sometime between July 2013 and April 2014 — a large window of time that could cause many employees to worry about the safety of their information. When a situation like this arises, customer concerns turn not toward the third-party vendor but to the large corporation itself.
To assuage such concerns, Lowe’s is offering those affected a free credit report as well as a year of identity protection services. Unlike some other high-profile breaches of late, including one on eBay, Lowe’s seems to be dealing with its exposure situation with an appropriate level of forthrightness, which will undoubtedly serve it well moving forward.
What this incident and others like it point to is the need for companies to have all-encompassing plans regarding enterprise security. If, like Lowe’s, your company deals with a third-party vendor with which it stores information, then it’s your responsibility to ensure that vendor has the defensive infrastructure to prevent a similar breach from happening. Any platform where your customers’ data is being held is a platform that you are accountable for guarding.