SAN FRANCISCO (CN) – Gap Inc. allowed 800,000 job-seekers’ confidential information, including Social Security numbers, to be stolen from a third-party vendor that manages job applications, a class-action complaint claims in Federal Court. The information, which was not encrypted, exposed all 800,000 to ID theft.
An unidentified thief stole two laptop computers with the information on Sept. 28, the complaint states.
Lead plaintiff Joel Ruiz claims Gap’s negligence exposed online and telephone job applicants in the United States, Canada and Puerto Rico to ID theft.
Ruiz also claims that Gap failed to investigate the data security practices of its third-party vendor; that it saved sensitive records on portable computers that should have been housed in a secure central computer; and negligently required job applicants to input sensitive personal information, including Social Security numbers, to apply for a job.
Ruiz received a letter from Gap CEO Glenn Murphy, stating that though his information had been compromised, the Gap did not believe he was the target of the theft and that the information had not been “accessed or used improperly” – though Ruiz says Gap has no way of knowing that.
Gap offered to pay for 12 months of credit monitoring and fraud assistance through Experian’s “Triple Advantage Credit Monitoring Plan.” But Ruiz says one year is not long enough to protect the class from the effects of the security breach, and that if they accept the credit monitoring plan, they would have waive their right to a jury trial should the credit monitoring service fail.
The class demands damages, long-term monitoring of Gap’s security measures and a substantial increase in identity theft insurance. They are represented by Finkelstein Thompson. See complaint.