The retailer said a contractor hadn't properly encrypted sensitive information on a laptop that was stolen from one of the vendor's offices.

Sharon Gaudin, Contributor

October 1, 2007

2 Min Read

Personal information on about 800,000 people who applied for jobs at the Gap was compromised when a laptop was stolen.

The stolen computer held personal data, including Social Security numbers, for people who applied online or by phone for store positions with the company's Old Navy, Banana Republic, Gap, and outlet stores in the U.S. and Puerto Rico between July 2006 and June 2007, according to an online alert. The machine also held information on Canadian applicants, but it didn't contain their Social Security numbers, the company noted.

The laptop was stolen from one of the retailer's third-party vendors that manages information on job applicants.

The company didn't note when the laptop was stolen or when applicants were first notified of the theft. The company pointed out in the alert that Gap uses more than one vendor to manage job applicant data, so not every job applicant was affected

"Gap Inc. deeply regrets this incident occurred. We take our obligation to protect the data security of personal information very seriously," Glenn Murphy, chairman and CEO, said in a statement. "What happened here is against everything we stand for as a company. We're reviewing the facts and circumstances that led to this incident closely, and will take appropriate steps to help prevent something like this from happening again."

The alert noted that, contrary to the company's agreement with the vendor, the information on the laptop wasn't encrypted.

Law enforcement reportedly was contacted and an investigation is underway.

The Gap is asking anyone who applied online or by phone for a job during the specified dates to contact the Gap Security Assistance Helpline at 1-866-237-4007. Representatives are available 24 hours a day, seven days a week, to provide information and assistance. The company also is posting information and updates at this Web site.

Gap's announcement comes just a few days after it came out that the Connecticut Attorney General is investigating a former Pfizer employee in connection with a data breach that compromised personally identifying employee information at that company.

And just a few weeks ago, TD Ameritrade Holding e-mailed account holders and put a public advisory on its Web site alerting users that a hacker broke into one of its databases and stole personally identifying information for some of its 6.3 million customers. The company said names, e-mail addresses, phone numbers, and home addresses were taken in the data breach.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights