Theft Of Gap Laptop Puts 800,000 Job Applicants At Risk

Source: Information Week

The retailer said a contractor had not properly encrypted sensitive information on a laptop that was stolen from one of the vendor's offices.
October 1, 2007 01:21 PM


Personal information on about 800,000 people who applied for jobs at the Gap Inc. was compromised when a laptop was stolen.

The stolen computer held personal data, including Social Security numbers, for people who applied online or by phone for store positions with the company's Old Navy, Banana Republic, Gap and outlet stores in the U.S. and Puerto Rico between July 2006 and June 2007, according to an online alert. The machine also held information on Canadian applicants but it did not contain their Social Security numbers, the company noted.

The laptop was stolen from one of the retailer's third-party vendors that manages information on job applicants.

The company did not note when the laptop was stolen or when applicants were first notified of the theft. The company pointed out in the alert that Gap uses more than one vendor to manage job applicant data, so not every job applicant was affected.



Read more: http://www.informationweek.com/news/showArticle.jhtml?articleID=202103785

'hires', and not 'applicants'.

Security must be multi-polar.

Security numbers and other identifying information is to be provided, when hired.

Having sat on interview committees, there is always a HR rep there to help smooth over discriminatory and otherwise illegal questions.

such as prohibiting potential employers from storing SSNs prior to hire. I've advocated for restrictions on the misuse of SSN as an identifier for years, but most people just shrug and think it can't be helped.

...databases authorized from the highest levels in the organizations, staged to look like theft and needs to be probed and investigated from that premise.

O-k, I'm not too bright-- why would upper management want to hijack this type of applicant information?

:shrug:

But don't they already have access to it? Stealing something one already owns seems counter-productive to me...

Those DB fuckers won't rest until every single person's info is on their creepy list.

"The machine also held information on Canadian applicants but it did not contain their Social Security numbers,"
Canadians have social security numbers?

Canadians are issued a Social Insurance number, which is 9 digits, in 3 groups of 3 each, i.e. 123-456-789. These are commonly referred to as SINs, so when you hear a Canadian refer to his/her SIN, they're not talking about gluttony or sloth.

:hi:

The place for this is server databases. The laptops access it in an as-needed basis. I smell bullshit.

But the contractor may have taken an export to do analysis offline. Still, how dumb do you have to be to carry that around unencrypted? Everything on my laptop is encrypted: without the passphrase it's just garbage. That contractor need to choose another line of work.

Why would you want to store the info on 800K people? Unless it was for nefarious purposes. . .

That number seems a bit "high" to me, by the way, that would be something like every slightly less than 1 out of every 400 people in the US and Canada have applied to work at Gap, INC.

or any major chain...

Buy local

Buy used...

Or don't buy at all!!!

However, I bet they didn't purge this information.

Some scumbag already tried to obtain credit cards in my name a couple years ago.