It has been reported that high-end retailer Nordstrom is in the process of notifying its employees their data may have been compromised in a breach.
The Seattle Times reported worker names, Social Security numbers, dates of birth, checking account and routing numbers, salaries and additional information is included in the breach notification, which is being sent by email or being personally delivered by the retailer’s managers.
Commenting on the news are the following security experts:
Javvad Malik, Security Advocate at AlienVault:
“Details are not available as yet beyond the fact that a contractor improperly handled the data. The insider threat isn’t just restricted to malicious acts, but also covers accidental misuse of data. Therefore, it is important that companies provide appropriate training to staff that handle sensitive information, have in place segregation and protective controls, as well as having monitoring controls that can spot anomalous activity and raise alarms so that any irregularities can be investigated promptly.”
Mayur Upadhyaya, Managing Director, EMEA at Janrain:
“In recent industry research, Janrain found that nearly half of the respondents will try to only buy from brands they believe will protect their data. Janrain surveyed over 1,000 U.S. consumers and found 48% will try to only buy from companies they believe will protect their personal data, though they don’t fully trust all of the brands they conduct business with. Any retailer suffering from a data breach just before Cyber Monday, might find their brand tarnished and consumer behaviour changed.”