Lowe’s Details


    Lowe’s

    Mooresville, North Carolina • 300000 employees • Retail

    https://www.lowes.com/
    United States

    Industry

    Retail

    Security Incidents

    1

    Lowe's Companies, Inc., commonly known as Lowe's, is a home improvement and appliance retail company based in the United States. Founded in 1946 by Lucius Smith Lowe in North Wilkesboro, North Carolina, the company initially operated as a small hardware store. Over the decades, Lowe's has expanded significantly and now operates a chain of retail stores in the United States and Canada. The company's primary purpose is to provide a wide variety of products and services geared toward home improvement, maintenance, and renovation.

    Notable for its comprehensive range of products, Lowe's offers eve...

    Security Incidents

    Lowe’s Breach of Aug 2024
    Severity Score
    Low to Moderate

    Type

    Phishing Attack

    Summary

    In mid-August 2024, Lowe's employees were targeted through a sophisticated phishing campaign involving fraudulent Google ads. Employees searching for "MyLowesLife," the company's HR portal, encountered malicious ads leading to phishing websites. These sites used lookalike domain names and presented a convincingly realistic imitation of the MyLowesLife login page.

    The phishing site, built using AI to resemble a generic retail store, avoided scrutiny by appearing non-malicious at first glance. When users clicked the ads, they were directed to a page that asked for their Sales Number and Passwor...

    Severity

    In mid-August, a malvertising campaign targeted Lowe's employees by exploiting Google ads to direct them to phishing pages masquerading as the internal MyLowesLife HR portal. This sophisticated attack aimed to steal login credentials and security information by leading users to nearly identical replicas of the legitimate portal. Although the campaign primarily affected Lowe's staff, the threat actor did not limit their scope and showed the potential to target other institutions, raising broader security concerns.

    The incident demonstrated significant levels of planning and execution complexit...

    Impact

    In mid-August, Lowe’s experienced a sophisticated malvertising campaign specifically targeting its employees through Google ads. The malicious campaign aimed to phish MyLowesLife login credentials by directing employees to very convincing, albeit fraudulent, replicas of the Lowe’s internal HR portal. While it mainly focused on stealing the login details, it did not result in any known significant data exposure beyond employee credentials.

    There are no indications that customer data was compromised or that any internal systems were taken offline due to this incident. The potential stolen cred...