[BreachExchange] Nordstrom Data Breach Exposes Employee Information

[Destry Winant]

https://securitytoday.com/articles/2018/11/15/nordstrom-data-breach-exposes-employee-information.aspx

According to a Nordstrom spokesperson, no customer data was involved
in the breach. In a statement, the company said it was “investigating
an incident where a contract worker improperly handled some Nordstrom
employee data.”

Nordstrom is notifying employees of a data breach that exposed their
personal information, including names, Social Security numbers, dates
of birth, checking account and routing numbers, and salaries.

Co-President Blake Nordstrom emailed employees Nov. 7 to apologize and
let them know about the information security breach. Employees who
might not have access to corporate email accounts were shown the
breach notification by managers at work, and some former employees
have received notifications by mail.

The company would not say how many employees were affected by the breach.

According to a Nordstrom spokesperson, no customer data was involved
in the breach. In a statement, the company said it was “investigating
an incident where a contract worker improperly handled some Nordstrom
employee data.”

The incident, which took place Oct. 9, was discovered by Nordstrom’s
information security team. According to the company, “no longer has
any access to our systems and we’re putting additional measures in
place to help prevent this from happening again.” Nordstrom contacted
law enforcement to begin a comprehensive investigation.

“We have no evidence data was shared or used inappropriately,” the
company said. “Out of an abundance of caution, we are notifying our
employees so they can take the appropriate steps to monitor for any
potential unauthorized activity.”

The company is offering affected employees two years of identity
protection services.