Breach of the Week: Nordstrom

Breach of the Week infographic: Nordstrom

What Happened: Nordstrom

Another week, another retail breach. Nordstrom is the latest retailer to experience a data breach.  But, this breach is unlike the others because it exposed employee, not customer, information.

The exposed information includes:

  • Employee names
  • Social Security numbers
  • Dates of birth
  • Check account
  • Routing numbers
  • Salaries

Nordstrom did not disclose the number of employees affected. However, the company is receiving praise for its swift action after detecting the breach. In an email, to employees co-president, Blake Nordstrom explained that there was a detection of irregular activity on October 9, 2018. A quick investigation determined that a contract worker inadvertently exposed the data. There is no information on the details of how the contractor mishandled the data. Law enforcement is investigating the incident.

There is no sign of the information being used inappropriately. In an effort to be cautious, the company notified employees to look for unauthorized activity. Nordstrom is offering two years of identity-protection services to all affected employees.

Cybersecurity Risk: Contract Employees

Contract, or temporary employees, create a unique cybersecurity risk for the company. Take these steps to eliminate any risks.

  1. Create temporary accounts for the individual that will expire on a certain date, corresponding with the end of their contract.
  2. Encrypt confidential data. This protects data even if the individual steals a piece of equipment, such as a hard drive.
  3. Implement two-factor authentication. If the individual does not have both factors, then they will be denied access.