Clothing retailer Gap said Friday an unencrypted computer containing the Social Security numbers of about 800,000 job applicants was stolen from a vendor it used to manage that data.
An investigation into the matter is under way, though the company said it had no reason to believe that the data on the laptop computer was the target of the theft or that the personal information had been used improperly.
Gap spokeswoman Cynthia Lin would not disclose the name of the vendor, nor would she say whether Gap was maintaining its relationship with that company.
"They trusted their data to our company, so we are ultimately accountable for this incident," Lin said, referring to the job seekers.
The stolen laptop contained personal information for people who applied for store positions with the company's Old Navy, Banana Republic, Gap and Outlet stores in the United States, Puerto Rico and Canada between July 2006 and June 2007, Gap said. The applicants' Social Security numbers were included in the stolen information.
The information on the laptop was not encrypted, a fact Gap said is contrary to its agreement with the vendor.
The San Francisco company, which learned of the incident more than a week ago on Sept. 19, said it is sending letters to the affected individuals to notify them of the incident and offer them a year of free credit monitoring services with fraud resolution assistance. Canadian applicants' Social Insurance Numbers were not stolen, Gap said.
"We're reviewing the facts and circumstances that led to this incident closely, and will take appropriate steps to help prevent something like this from happening again," Chief Executive Glenn Murphy said in a statement.
The company uses more than one vendor to manage its job applicant data, so this does not affect everyone who applied for jobs during that period, the company said.