The IT Guys Blog

Source: Reuters

A computer containing 800,000 recent job applicants data including social security numbers and personal information was recently stolen from Gap Inc. Gap is pointing the finger at the vendor who apparently assured Gap that the data was encrypted and kept in a safe manor. Now any job applicant at Banana Republic, Gap, and Old Navy that applied since July of 2006 needs to worry. Gap is offering a year of free credit monitoring service and a charge dispute resolution service for the affected applicants.

Gap stands to learn a stiff lesson from this mistake, you can’t point the finger at a vendor you picked when they mess up. A business associate’s agreement will not save you when 800,000 people’s social security numbers become public. It may give Gap grounds to sue the vendor, but guess who will be stated as the defendant on this class action suit? Companies need to realize that just because they pick a vendor who guarantees security, it needs to be verified. We work with a few Indian corporations and I’ve repeatedly caught them trying to do unsafe things. From putting a printer right on the internet to sending data in an non-secure and non-encrypted way. Nobody who works with us should have to worry if the vendors we chose are using safe practices, that’s solely our responsibility.