Nordstrom Falls Victim to Unique Data Breach

Press enter to search
Close search
Open Menu

Nordstrom Falls Victim to Unique Data Breach

By Tim Denman - 11/14/2018
The employment records of current and former Nordstrom workers were breached.

The employment records of current and former Nordstrom workers were compromised in the latest data breach to strike the retail industry.

Unlike the rash of breaches that have plagued retail over the past few years, it was not customer data that was vulnerable, but rather the personal information of employees.

“While we tend to see more headlines about customer data, compromises of employee data are also significant, especially to large employers who have thousands of employees,” said Tim Erlin, VP, product management and strategy at cybersecurity firm Tripwire. 

The Seattle Times broke the story and reported that worker names, Social Security numbers, dates of birth, bank accounts, salaries and additional information was compromised. A company spokesperson confirmed to the paper that employees received an e-mail notification and apology from co-president Blake Nordstrom last week informing them of the breach.

Subsequently, the Seattle-based retailer issued a statement saying that a contract worker "improperly handled some Nordstrom employee data" and that no customer data was exposed. "The contract worker who improperly handled this information no longer has any access to our systems, and we're putting additional measures in place to help prevent this from happening again. We have no evidence data was shared or used inappropriately."

The speed with which Nordstrom went public with the information is at stark odds to the traditional slow response of breached organizations. “No one company is immune to cyberattacks, but how a company responds will make all the difference in restoring trust with customers and employees and proving that they have taken all possible actions to inform and mitigate the damage during an event,” said Ryan Wilk, VP at NuData Security. “Nordstroms response time to this data breach incident is laudable as well as their attempts at transparency.”