E-piphanies Ziff Davis Enterprise
Advertisement
Advertisement
Saturday, September 29, 2007 11:13 AM/EST

Who's Accountable in the Gap Data Breach?


Incredible.

It seems like the Gap did everything right. It used an experienced third-party vendor to manage job applicant data. It insisted that the vendor use encryption to protect that data in case of loss or theft.

Seems like the vendor didn't listen and, worse, hasn't been listening. It failed to encrypt the data contained on a laptop on which information on 800,000 job applicants was stored. That's not exactly like someone's BlackBerry was left on the counter at Starbucks. This is the height of cavalier vendor irresponsibility.

So where is the accountability? Why is the Gap protecting the vendor by refusing thus far to identify it? Our Evan Schuman has already detailed the shamefully easy terms of TJX's settlement with customers over stolen data. If customers won't hold their vendors' feet to the fire for such activity, when will this kind of breach ever cease?

Posted by Michael Hickins on September 29, 2007 11:13 AM

| Comment (2) | del.icio.us | digg.com
View all of IT in the World
TrackBack

TrackBack

http://blogs.eweek.com/cgi-bin/mte/mt-tb.cgi/11803

Comments (2)

Markus Diersbock :

GAP needs to release the 3rd party's name.

Companies won't take the securing of customer
data seriously unless there is more customer
outrage.

TJX's $30 voucher settlement is a joke, might
as well send a coupon.

Posted by Markus Diersbock | September 30, 2007 1:54 AM

The Breach Blog :

Michael, you are absolutely correct! Who knows why Gap Inc. is withholding its vendor's name. It makes little sense to me. I chalk much of this up to two primary factors:

1. Poor corporate leadership at the top with very short-term thinking on the part of their companies. The lack of disclosure information will eventually lead to even more government law and regulations. In my opinion, SOX, HIPAA, GLBA, etc. wouldn't even be necessary if poorly-led companies had done the right thing.

2. Customers are weak and have short attention spans. Customers should take a stand against companies that refuse to treat their data responsibly. The information belongs to the customer, not the company.

I don't even want to get started on the TJX settlement. I was not a victim, but I will never shop there again unless I felt like something at the top had changed.

Posted by The Breach Blog | October 9, 2007 7:02 AM

Post a Comment

 
 


Breaking News

Advertisement

Election 2.0

Enterprise 2.0

Good Ideas Gone Wrong

IT in the World

Machinations

Strange Bedfellows

Trendology

WebSiteings

Advertisement

Syndication

Subscribe: Blog Roll: