Following the news that that high-end retailer Nordstrom is in the process of notifying its employees their data may have been compromised in a breach, please see below comments from Martin Jartelius, CSO of Outpost24.
Martin Jartelius, CSO at Outpost24:
“It looks like this incident relates to a contractor unintentionally, or intentionally, incorrectly handling confidential employee information. This highlights the need for organisations to treat all employees as a potential risk and ensure security steps are taken to minimise the risks when incidents like these happen.
There is also a considerable amount of time which has passed from the detection of the breach to the information being made available to potential victims. Taking into account the data which was exposed, waiting over a month to notify employees is very significant.
This is also a good example of why GDPR is of importance to us all. We may not be protected from those recurring breaches, but customers and end users have a right to know when companies have failed to meet their obligation to protect our information.”