Gap: Stolen laptop has data of job applicants

Retailer said a laptop stolen from a third-party vendor contained personal data of 800,000 people, including Social Security numbers.

By Parija B. Kavilanz, senior writer

NEW YORK ( -- Gap Inc. announced Friday that a laptop containing the personal information of about 800,000 job applicants was stolen from the offices of one of its vendors that manages data for the company.

The San Francisco-based retailer said it has begun notifying on Thursday those applicants whose Social Security numbers were included in the information on the laptop.

"Gap Inc. deeply regrets this incident occurred. We take our obligation to protect the data security of personal information very seriously," Gap CEO Glenn Murphy, said in a statement.

"What happened here is against everything we stand for as a company. We're reviewing the facts and circumstances that led to this incident closely, and will take appropriate steps to help prevent something like this from happening again," he said.

The company said the stolen laptop contained personal information for people who applied online or by phone for store positions with the company's Old Navy, Banana Republic, Gap and Outlet stores from the United States, Puerto Rico and Canada between July 2006 and June 2007.

However, the laptop did not contain Canadian applicants' Social Insurance Numbers.

Contrary to the company's agreement with the vendor, the information on the laptop was not encrypted, Gap said.

Cynthia Lin, a spokeswoman for Gap Inc., told that the vendor is a U.S.-based company but declined to disclose the name of the firm.

This is the latest incident of a security breach involving stolen data at a major retailer. Earlier this year, TJX Cos., which operates more than 800 T.J. Maxx stores and 751 Marshalls locations, said its computer systems were hacked, compromising more than 45 million of its shoppers' debit and credit cards.

The retailer announced this month that it had settled customer class-action suits stemming from the data breach.

For its part, Gap (Charts, Fortune 500) said it has no reason to believe the data contained on the computer was the target of the theft or that the personal information has been accessed or used improperly.

"First of all, why is this kind of data on a laptop? And if it was on a laptop, it should certainly have been encrypted," said David Perry, data security expert and global director of education with Trend Micro.

"This is just one of the many number of incidents where the value of the stolen property is no longer the computer itself but the information that's on it," he said. "Even though Gap says it believes that the data wasn't the target of the theft, whoever has the laptop now knows what's on it."

"That's a big concern to those job applicants and to Gap if that information is misused," he said.

Gap Inc. said it is offering those affected a year of free credit monitoring services and fraud resolution assistance, along with a 24-hour help line at 1-866-237-4007.

TJX settles security breach suits Top of page