Gap loses data on 800,000 job applicants

Cyber-Ark, a data protection and company security specialist, has warned that companies of all sizes need to take more care of personal data, following news that a notebook PC containing personal information on 800,000 people who applied for jobs with Gap's US retail operation has been stolen.

"This latest personal data theft comes hard on the heels of the August break-in at Monster.com, when 1.3 million job seekers' details were lost, simply because the company failed to encrypt its data," said Calum Macleod, Cyber-Ark's European director.

"This time around a notebook PC was stolen from the offices of a third-party company that services job applications for Gap's US retail clothing operation," he said.

According to Macleod, that data should have been protected.

"It clearly wasn't, so now the Social Security numbers, employment records and a wealth of other information on 800,000 people who applied for jobs at Gap, Old Navy, Banana Republic and Outlet stores across the US, is potentially available to identity thieves," he added.

Macleod went on to say that storing personal data on an unencrypted machine appears to be contrary to Gap's agreement with the third-party vendor.

"That's all well and good, but is of zero consolation to the 800,000 job applicants whose data has been compromised.

This is a clear breakdown in Gap's IT security policies and should render them liable to all sorts of legal trouble," he said.

“It’s ludicrous that companies are still not storing data securely, when there are so many inexpensive solutions such as digital vaults available, which mean only those who have rights to the information, can actually access it.

If anything, we should be seeing less of these examples of information being stolen, instead of more.

The IT guys responsible for this grand foul up should be very, very worried about their future!” concludes Macleod.