Third-party vendor exposes information on 800,000 job applicants at the Gap.
A vendor managing job applicant data for clothing retailer Gap lost personal information, including Social Security numbers for some 800,000 U.S. and Canadian job seekers, the company admitted in a press release.
The breach affects people who applied for jobs at the retail chain either by phone or online between July 2006 and June 2007, including Old Navy, Banana Republic, Gap and Outlet stores in the United States, Puerto Rico and Canada.
However, the laptop did not contain Social Security numbers belonging to Canadian applicants.
Gap said the vendor, which it did not identify, violated the terms of the agreement between the two companies by failing to encrypt the data contained on the stolen laptop.
Gap Chairman and CEO Glenn Murphy said the incident "is against everything we stand for as a company" and said the retailer will take appropriate steps to ensure something like this doesnt happen again.
The TJX department store chain rushed to settle lawsuits resulting from the theft of identity data of 46 million consumers. Read more here.
The company said it has begun notifying people whose Social Security numbers were lost and will offer them a year of free monitoring services with fraud resolution assistance, along with a dedicated helpline.
Gap uses more than one vendor to manage its job applicant data, so not everyone who applied for a job during that period has been necessarily affected.
Gap said the vendor notified law enforcement authorities as soon as it discovered that the laptop had been stolen.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.