Nordstrom Security Breach Exposes Sensitive Employee Data
Nordstrom is notifying employees of an information-security breach that exposed their names, Social Security numbers, dates of birth, checking account and routing numbers, salaries and more. Employees across the company received an email notification and apology from co-President Blake Nordstrom on Wednesday informing them of the breach, a company spokesperson confirmed Friday. Some employees, who may not have regular access to corporate email accounts, were being shown the breach notification by managers when they arrived at work. The company would not say how many people were affected by the breach; those employees were being notified by mail. Nordstrom had about 72,500 full- and part-time employees in 2017. No customer data was implicated in the breach, according to a Nordstrom spokesperson.
Total Retail's Take: We so often fixate on the security of customer data that we neglect the massive amounts of data that large companies have on file about their employees. That data is equally valuable to hackers. Nordstrom now must regain the trust of its employees, and do so quickly, considering we're entering the department store chain's busiest time of the year. Happier employees lead to better service, which ultimately begets more sales.
"While we tend to see more headlines about customer data, compromises of employee data are also significant, especially to large employers who have thousands of employees," notes Tim Erlin, vice president, product management and strategy at Tripwire, a cyber security solutions provider. "Think about the personal data that your employer has about you. There's enough data in there to carry out a variety of criminal activities, including identity theft and insurance fraud. Risk assessments and threat modeling need to account for all the sensitive data within an organization, including employee data."