Data Breach at The Gap

The Gap has suffered a data breach as a result of a laptop theft, putting 800,000 job applicants at risk for identity theft.

The Gap issued a press release on September 28 to announce that a laptop containing Social Security numbers was stolen from the offices of a third-party vendor responsible for job applicant data. The Gap has an agreement with its vendors that states that laptops must be encrypted – the laptop that was stolen was not, however, following the outlined security policy.

800,000 job applicants from the US, Canada and Peurto Rico who applied to The Gap, Banana Republic or Old Navy were affected. Those affected applied online or by phone during July 2006 and June 2007. Those affected have been sent letters with information and the offer of free credit monitoring services for one year. Canadian job applicants are likely unaffected, as their Social Security Numbers were not included on the laptop.

“Gap Inc. deeply regrets that this incident occurred. We take our obligation to protect the data security of personal information very seriously,” said Gap Inc. Chairman and CEO Glenn Murphy. “What happened here is against everything we stand for as a company. We’re reviewing the facts and circumstances that led to this incident closely, and will take appropriate steps to help prevent something like this from happening again.”

It is an unfortunate incident for a company that appears to be taking its security quite seriously. A tight security policy extends to vendors, as it did in this case. Unfortunately, the laptop was not encrypted as required by the agreement. A stronger security policy, internally and with vendors, would include a laptop tracking and recovery solution such as Absolute’s ComputraceComplete.

The Gap has put up a website with more information at www.gapsecurityassistance.com and has a 24/7 help line at 1-866-237-4007

Via information week ; Tags: data breach, the gap, gap, job applicants, data loss, laptop theft