The Gap Screws 800k Job Applicants

The Gap group, which includes Gap Stores, Banana Republic, and Old Navy, hired an external consultant to manage their job applications.  For some stupid reason, the consultant kept 800,000 applications on a single laptop which then stolen.  And of course, the data was unencrypted.

From Reuters here:

Clothing retailer Gap Inc said on Friday that a laptop computer containing personal information for about 800,000 job applicants was stolen from a vendor it used to manage that data. An investigation is under way.

The stolen laptop contained personal information for people who applied for store positions with the company’s Old Navy, Banana Republic, Gap and Outlet stores in the United States, Puerto Rico and Canada between July 2006 and June 2007.

Gap said the applicants’ Social Security numbers were included in the stolen information and that it is offering them a year of free credit monitoring services with fraud resolution assistance. Canadian applicants’ Social Insurance Numbers were not stolen, Gap said.

The information on the laptop was not encrypted, a fact Gap said is contrary to its agreement with the vendor. But Gap added that it has no reason to believe that the data on the computer was the target of theft or that the personal information has been accessed or used improperly.

I don’t know why Gap doesn’t just come out and point the finger at the guilty consultant.  I hope they fire the consulting company.  In the mean time, who knew that almost a million people applied for a job at the Gap??