Nordstrom has apologized to employees for a cybersecurity breach that left their personal information exposed, the Seattle Times reports. Nordstrom didn't immediately respond to Retail Dive's request for comment.
Names, Social Security numbers, birthdates and bank information were "improperly handled" by a contract worker last month, but no customer data was involved, the department store told the Seattle Times. An investigation is ongoing, the company also said.
Retailers lead the way in data breaches despite heavy spending on cybersecurity, according to the 2018 Thales Data Threat Report, Retail Edition. Consumers have little faith in retailers, believing that these companies are least prepared to address a breach and most likely to experience one, according to research from global payments tech company First Data.
Retailers are used to taking steps against employee theft — Amazon, Apple and Walmart are all among those taking sometimes Draconian steps to ensure that workers aren't making off with their goods.
But when it comes to data security, as in this case, employees may also be the ones on the defensive. Nordstrom employees are facing exactly the kind of data breach that people fear the most: 64% told First Data that above all, they want their Social Security number protected, followed by their home addresses and phone numbers (41%), login/passwords (34%) and date of birth (17%).
The news comes about a month after reports that Amazon fired an employee for sharing customer emails with marketplace sellers, similarly demonstrating that data security issues can arise in house. In fact, Target's now infamous data theft of credit card and personal information from more than 110 million customers was reportedly the result of a phishing email sent to employees at an HVAC vendor and a failure on the part of Target employees to follow protocol.
So far, the information leak hasn't had any adverse consequences. The contractor involved in the breach is out, and Nordstrom is plugging up the vulnerabilities that led to the incident, according to the Seattle Times. Law enforcement have been called and an investigation is ongoing, according to the report, but employees would be wise to take steps, like monitoring their credit, just in case.