Updated at 11:12 a.m., Friday, September 28, 2007
Gap says data on 800,000 job applicants stolen
By RACHEL KONRAD
Associated Press Business Writer
The laptop stored Social Security numbers and other data from people in the U.S., Puerto Rico and Canada who applied online and by phone between July 2006 and June 2007 for jobs at Gap, Old Navy, Banana Republic and Outlet stores.
The incident came on the heels of a finding this week by the Canadian government that another international retailer, TJX Cos., hadn't sufficiently encrypted data it stored from customer transactions, and that failure enabled hackers who intercepted wireless communications to steal data on millions of customers.
The break-in gave hackers undetected access to TJX's central databases for a year and a half, exposing at least 45 million credit and debit cards to potential fraud.
Data about job applicants who must often provide Social Security numbers, job histories, home and e-mail addresses and other information is a favorite target of hackers.
A security breach last month at online job site Monster.com exposed the confidential information of 1.3 million people looking for jobs.
Gap said the laptop was lifted from the offices of a third-party vendor that manages job applicant data for the San Francisco-based clothier, but the company would not provide the vendor's name or other details of the theft.
The company said job applicants have not notified it of any instances of identity theft or fraud related to the incident.
Storing data without encrypting it to protect it from hackers is contrary to Gap's agreement with the third-party vendor, Gap said Friday.
"What happened here is against everything we stand for as a company," said Gap Chairman and CEO Glenn Murphy. "We're reviewing the facts and circumstances that led to this incident closely, and will take appropriate steps to help prevent something like this from happening again."
Multiple outside companies manage job applicant data for Gap so not everyone who applied for retail work with the company had confidential data compromised. And the laptop did not contain Canadian applicants' Social Insurance Numbers.
Gap is notifying the affected applicants and offering a year of free credit monitoring services with fraud resolution assistance. The company has also set up a 24-hour help line.
Gap, which operates more than 3,100 stores in the United States and five other countries, is working with law enforcement officials to investigate the theft.