When Laptops Thefts Hit, Retailer Did More than Most to Investigate

More than just notification letters about data beach, company put private investigation in works


When most companies experience thefts of laptops or other security breaches, they notify the cops and send out the obligatory notification letters, and that's pretty much that.

San Francisco's Gymboree, the kids' clothing retailer, took a more proactive stance after a thief recently hit the company twice in the same week, making off with three laptops and potentially endangering as many as 20,000 employees.

The company hired a private investigator to track down the perpetrator --

and this month identified to police someone it believes is a suspect in the case.

Investigators and privacy experts say Gymboree is one of a growing number of companies that recognize the need to take the initiative in security breaches as police departments struggle to keep pace with the hundreds of thousands of laptops that go missing each year.

A study in August by the Ponemon Institute, a privacy consulting firm, found that 81 percent of companies experienced the loss or theft of a laptop last year. Of laptops that go missing, 97 percent are never recovered, the study found.

"Law enforcement just doesn't have the manpower to investigate all these cases," said Robert Richardson, director of San Francisco's Computer Security Institute. "A private investigator has the time to look around black markets and in pawn shops."

Sean Walsh, a Bay Area investigator and former president of the California Association of Licensed Investigators, acknowledged that an increasing number of companies are turning to the private sector for help when laptops disappear.

"In the last few years, I've investigated a couple of dozen cases involving stolen laptops," he said.

Marina Armstrong, Gymboree's senior vice president of human resources and loss prevention, acknowledged in a statement Thursday that the company had experienced a recent security breach. But she declined to provide details of the incident.

"At Gymboree we care about our employees and wanted to treat the matter in a responsible and thoughtful way," she said.

In letters this month to as many as 20,000 employees affected by the incident, Gymboree says only that "three laptop computers were stolen from the corporate headquarters."

What actually happened is that a thief followed a Gymboree exec into the company's South of Market offices and accompanied him in the elevator to the fifth floor, according to an insider with direct knowledge of the situation.

The insider requested anonymity because Gymboree officials are uncomfortable publicizing the incident.

The insider said security tapes show the thief entered a bathroom and didn't emerge again for about an hour. The thief then entered the unlocked office of a senior exec, took a laptop that was on the desk and casually exited the building, the insider said.

Several days later, according to the insider, security tapes show that the same person returned and once again made his way to the office of a Gymboree exec. This time, he made off with an additional two laptops.

The insider said the three laptops contained unencrypted human resources data that potentially included the names and Social Security numbers of thousands of company workers.

Gymboree has 574 retail outlets nationwide, as well as 34 big-box branches and 90 additional shops for its Janie and Jack and Janeville brands.

This content continues onto the next page...