On November 5, 2018, the California Attorney General reported a data breach involving Nordstrom, Inc. The breach occurred on October 9, 2018, due to improper handling of employee data by a contract worker, potentially affecting names, Social Security numbers, and other personal information. No customer data was impacted, and the company has taken measures to prevent future incidents.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-141428
TPRM report: https://www.rankiteo.com/company/nordstrom
"id": "nor609072725",
"linkid": "nordstrom",
"type": "Breach",
"date": "10/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'None',
'industry': 'Retail',
'location': 'California',
'name': 'Nordstrom, Inc.',
'type': 'Retail'}],
'attack_vector': 'Improper handling of employee data',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Other personal information']},
'date_detected': '2018-11-05',
'date_publicly_disclosed': '2018-11-05',
'description': 'A data breach involving Nordstrom, Inc. occurred due to '
'improper handling of employee data by a contract worker, '
'potentially affecting names, Social Security numbers, and '
'other personal information.',
'impact': {'data_compromised': ['Names',
'Social Security numbers',
'Other personal information']},
'post_incident_analysis': {'corrective_actions': 'Measures taken to prevent '
'future incidents',
'root_causes': 'Improper handling of employee data '
'by a contract worker'},
'references': [{'date_accessed': '2018-11-05',
'source': 'California Attorney General'}],
'response': {'remediation_measures': 'Measures taken to prevent future '
'incidents'},
'threat_actor': 'Contract worker',
'title': 'Nordstrom Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Human error'}