One of America's most popular retail chains is sending out letters this week to about 800,000 employment applicants to notify them that their personal information may have been breached.
The data was lost when a laptop was stolen from one of the Gap's third-party vendors, which manages applicant data from the retailer's Old Navy and Banana Republic stores as well. The partner company does not manage all of the company's applicant data, so not everyone who applied to these stores between July 2006 and June 2007 will be affected, according to a statement.
The data on the laptop was not encrypted, which is against Gap policy, the company said. Social Security data for the U.S. applicants was on the laptop.
"Gap Inc. deeply regrets this incident occurred. We take our obligation to protect the data security of personal information very seriously," said Gap Chairman and CEO Glenn Murphy. "What happened here is against everything we stand for as a company. We're reviewing the facts and circumstances that led to this incident closely, and will take appropriate steps to help prevent something like this from happening again."
Tim Wilson, Site Editor, Dark Reading