The security breach occurred because Gap uses the same grey plastic bag for all packages
Emily Dreyfuss’ fiancé ordered a tie from Gap’s Banana Republic. However, instead of the tie, he received a package containing confidential information of 20 employees, including their social security numbers.Dreyfuss, who is the senior front page editor of CNET, has managed to contact a Gap representative via Twitter.
“After tweeting at Gap Inc., a mortified Banana Republic customer service associate named Adam Ross direct messaged me. Ross apologized for what he called a ‘clearly horrible mistake by our store’,” Dreyfuss wrote on her personal blog.
It turned out that Gap sends both customer orders and confidential employee information in the same grey plastic bags. An employee simply mixed up the labels.
“The bags should not be the same color, Gap Inc.! One very easy fix would be to make the package the orders come in and the package that internal records are mailed in VERY notably different,” Dreyfuss noted.