Theft Of Gap Laptop Puts 800,000 Job Applicants At Risk
The retailer said a contractor hadn't properly encrypted sensitive information on a laptop that was stolen from one of the vendor's offices.
Personal information on about 800,000 people who applied for jobs at the Gap was compromised when a laptop was stolen.
The stolen computer held personal data, including Social Security numbers, for people who applied online or by phone for store positions with the company's Old Navy, Banana Republic, Gap, and outlet stores in the U.S. and Puerto Rico between July 2006 and June 2007, according to an online alert. The machine also held information on Canadian applicants, but it didn't contain their Social Security numbers, the company noted.
The laptop was stolen from one of the retailer's third-party vendors that manages information on job applicants.
The company didn't note when the laptop was stolen or when applicants were first notified of the theft. The company pointed out in the alert that Gap uses more than one vendor to manage job applicant data, so not every job applicant was affected
"Gap Inc. deeply regrets this incident occurred. We take our obligation to protect the data security of personal information very seriously," Glenn Murphy, chairman and CEO, said in a statement. "What happened here is against everything we stand for as a company. We're reviewing the facts and circumstances that led to this incident closely, and will take appropriate steps to help prevent something like this from happening again."
The alert noted that, contrary to the company's agreement with the vendor, the information on the laptop wasn't encrypted.
Law enforcement reportedly was contacted and an investigation is underway.
The Gap is asking anyone who applied online or by phone for a job during the specified dates to contact the Gap Security Assistance Helpline at 1-866-237-4007. Representatives are available 24 hours a day, seven days a week, to provide information and assistance. The company also is posting information and updates at this Web site.
Gap's announcement comes just a few days after it came out that the Connecticut Attorney General is investigating a former Pfizer employee in connection with a data breach that compromised personally identifying employee information at that company.
And just a few weeks ago, TD Ameritrade Holding e-mailed account holders and put a public advisory on its Web site alerting users that a hacker broke into one of its databases and stole personally identifying information for some of its 6.3 million customers. The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?