Gap Job Applicants' Data Stolen - 800,000 of them!
A thief stole a laptop computer containing unencrypted personal information of 800,000 people who applied for jobs at Gap Inc., the clothing retailer announced Friday.
The laptop stored Social Security numbers and other data from people in the U.S., Puerto Rico and Canada who applied online and by phone between July 2006 and June 2007 for jobs at Gap, Old Navy, Banana Republic and Outlet stores.
This news comes hot on the heals of a security breach last month where online job site Monster.com exposed the confidential information of 1.3 million people looking for jobs.
Gap said the laptop was lifted from the offices of a third-party vendor that manages job applicant data for the San Francisco-based clothier. If you look at the link of the GAP career portal which is run by Taleo, there are still jobs published although the CEO of Gap is rightly taking this breach of security very seriously.
Storing data without encrypting it to protect it from hackers is contrary to Gap's agreement with the third-party vendor, Gap said Friday.
"What happened here is against everything we stand for as a company," said Gap Chairman and CEO Glenn Murphy. "We're reviewing the facts and circumstances that led to this incident closely, and will take appropriate steps to help prevent something like this from happening again."
Ouch - are your privacy policies strong enough, are those of your recruitment system vendors? This is serious business folks, please be careful. I'm not sure if Gap or the vendor will get sued, but this could get very messy if jobseekers start reporting fraud activity as a result of their stolen data. Job applicant data, especially in the US where it often includes social security ID numbers as Gap's did, is very highly targeted by hackers.
No comments:
Post a Comment