A different kind of data breach hits Nordstrom

Another retailer was hit by a cyber-attack, but this one didn’t target customer information.

Nordstrom was hit by a data breach that targeted the personal data of current and past employees. Information that may have been exposed includes names, Social Security numbers, dates of birth, checking account and routing numbers, salaries, among other data, according to The Seattle Times, which first broke the story.

The breach, which occurred on Oct. 9, stemmed from “a contract worker [that] improperly handled some Nordstrom employee data. Customer data was not impacted,” according to a company statement.

The company’s information security team promptly discovered the incident, and immediately notified law enforcement to begin a comprehensive investigation. The contract worker no longer has access to Nordstrom’s systems, and the company has put additional measures in place to help prevent a similar situation from recurring.

While the company has no evidence that data was shared or used inappropriately, the company immediately notified employees “so they can take the appropriate steps to monitor for any potential unauthorized activity,” the statement reported, adding that Nordstrom is also offering impacted employees free identity protection services for 24 months.

“No one company is immune to cyber-attacks, but how a company responds will make all the difference in restoring trust with customers and employees and proving that they have taken all possible actions to inform and mitigate the damage during an event,” said Ryan Wilk, VP of customer success for NuData Security.

“Nordstrom’s response time to this data breach incident is laudable as well as their attempts at transparency. Online companies should do more to devalue personal information or PCI Data so if a breach does occur the data obtained by cyber attackers is less valuable.”

Wilk also encourages retailers to use technologies, such as passive biometrics and behavioral analytics “to detect and devalue the data when bad actors use it to commit account takeover at login or attempting to create new accounts such as credit cards and loads,” he added. “It will dissuade bad actors from attempting to steal the data in the first place.”

Other retailers targeted by cyber-thieves this year include Hudson’s Bay Co.’s Saks, Saks Off Fifth and Lord & Taylor brands, Best Buy, Panera Bread, Sears Holdings, and Under Armour.