Old Navy
Company Details
Linkedin ID:
gap-inc.-old-navy
Employees number:
29,072
Number of followers:
248,842
NAICS:
43
Industry Type:
Homepage:
gapinc.com
IP Addresses:
0
Company ID:
OLD_1717290
Scan Status:
In-progress
Old Navy Company CyberSecurity Posture
gapinc.com
Forget what you know about old-school industry rules. When you work at Old Navy, you’re choosing a different path. From day one, we’ve been on a mission to democratize fashion and make shopping fun again. Our teams make style accessible to everyone, creating high-quality, must-have fashion essentials for the whole family, with love, season after season. We opened our first store in 1994 in San Francisco and have been on a roll ever since. Today, customers can find fabulous fashion at affordable prices online and in one of our 1,000+ stores globally. Old Navy celebrates a workplace that’s just as diverse as our customers. Fun, fashion, family and value are at the heart of everything we do. We cultivate a community of playful personalities that thrive in a fast-paced environment where our employees can be their most authentic selves. Here, we’re family. Old Navy – a brand for everyone, a place for you!
Old Navy A.I CyberSecurity Scoring
Old Navy Risk Score (AI oriented)Between 800 and 849
Old Navy
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Old Navy Global Score (TPRM)XXXX
Old Navy
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Old Navy Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Gap Inc.: Gap International Data Breach Investigation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Recently, Gap reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, on July 22, 2025, Gap experienced a network disruption.1 As a result, Gap launched an investigation to determine the nature of the incident. Through its investigation, Gap confirmed that sensitive personal information in its systems may have been accessed or acquired by an unauthorized third party during the breach. As a result, Gap began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes: Name Social Security number Driver’s license or state ID number Medical information Health insurance information On November 28, 2025, Gap began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, Gap is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the breach notification letters that Gap filed with the Attorney General of Vermont is below.
Gap Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Massachusetts Office of Consumer Affairs and Business Regulation reported a data breach involving Gap Inc. on January 25, 2010. The breach affected 1 individual and involved compromised credit/debit numbers from electronic records.
Old Navy Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Old Navy
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Old Navy in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Old Navy in 2026.
Incident Types Old Navy vs Retail Industry Avg (This Year)
No incidents recorded for Old Navy in 2026.
Incident History — Old Navy (X = Date, Y = Severity)
Old Navy cyber incidents detection timeline including parent company and subsidiaries
Old Navy Company Subsidiaries
Forget what you know about old-school industry rules. When you work at Old Navy, you’re choosing a different path. From day one, we’ve been on a mission to democratize fashion and make shopping fun again. Our teams make style accessible to everyone, creating high-quality, must-have fashion essentials for the whole family, with love, season after season. We opened our first store in 1994 in San Francisco and have been on a roll ever since. Today, customers can find fabulous fashion at affordable prices online and in one of our 1,000+ stores globally. Old Navy celebrates a workplace that’s just as diverse as our customers. Fun, fashion, family and value are at the heart of everything we do. We cultivate a community of playful personalities that thrive in a fast-paced environment where our employees can be their most authentic selves. Here, we’re family. Old Navy – a brand for everyone, a place for you!
Loading...
Old Navy Similar Companies
Argos
Since 1973, Argos has been growing, and fast, and today we’re proud to be one of the nation’s biggest omnichannel retailers. As we’ve gone digital in a big way over the years, our business has changed massively, but our commitment and passion for our values and customers remains just as strong. Fr
Rite Aid is a full-service pharmacy committed to improving health outcomes. Rite Aid is defining the modern pharmacy by meeting customer needs with a wide range of solutions that offer convenience, including retail and delivery pharmacy, as well as services offered through our wholly owned subsidi
Mercadona
Mercadona is a leading company of physical supermarkets in Spain with an online service, with over 1,610 stores and more than 5.9 million households as customers. Additionally, it has 60 stores in Portugal, with a presence in nine different districts. A family-owned company, its objective is to off
Gap
In 1969, Don and Doris Fisher opened the first Gap store on Ocean Avenue in San Francisco. They wanted to make it easier to find a great pair of jeans, and they did. Their denim and records store was a hit, and it grew to become one of the world’s most iconic brands. Today we’re represented in m
Sainsbury's
Over 150 years old and still going strong, we’re the UK’s second-biggest retailer. Every day, the nation shops with us because they know they’ll get affordable, good food and excellent service. We focus on great value and convenient shopping across our family of brands, from Argos, Nectar and Habit
Wakefern Food Corp.
About Wakefern Food Corp. What began in 1946 as a small, local cooperative formed by eight visionary grocery store owners has grown into Wakefern Food Corp., the largest retailer-owned cooperative in the United States. Headquartered in New Jersey, Wakefern today is a vibrant network of member famil
Landmark Group
For over five decades, Landmark Group has shaped the region’s retail and hospitality landscape-growing from a single store in Bahrain to one of the largest and most successful omnichannel and hospitality groups across the Middle East, Asia and Africa. Rooted in purpose and powered by innovation, we
Mr.Bricolage
Mr.Bricolage a de grands projets et vous en faîtes partie ! Enseigne connue et appréciée des Français, le Groupe Mr.Bricolage est un groupement d’adhérents-entrepreneurs indépendants, spécialistes de la rénovation et de l’embellissement de la maison et du jardin. Avec 1 091 magasins répartis en Fran
Foot Locker
Foot Locker, Inc. is a leading footwear and apparel retailer that unlocks the “inner sneakerhead” in all of us. With approximately 2,500 retail stores in 26 countries across North America, Europe, Asia, Australia, and New Zealand, and a franchised store presence in the Middle East and Asia, Foot Loc
.png)
Old Navy CyberSecurity News
December 15, 2025 08:00 AM
Old Dominion University Becomes First University to Earn NSA Cybersecurity Validation for AI Academic Programs
Old Dominion University's School of Cybersecurity is setting a new national benchmark in cybersecurity education by becoming the first...
November 26, 2025 08:00 AM
Best Matching Family Pajamas 2025: 14 Picture-Perfect Editor Picks
A favorite holiday tradition is wearing coordinating PJs every year. Here are the best matching family pajamas for lounging and taking...
November 13, 2025 08:00 AM
Old Navy and DoorDash Partner to Make Shopping Easier with On-Demand Delivery
Exclusive partnership expands Old Navy's omnichannel reach and makes great style more accessible than ever. SAN FRANCISCO, November 13,...
November 07, 2025 11:38 PM
Old Navy Promo Codes And Deals: Refresh Your Wardrobe For Up To 50% Off
Our editors are monitoring the best Old Navy promo codes and deals. Here's how to save up to 70% this month.
November 01, 2025 09:28 AM
Indian Navy Seminar on Impact of Cyber Attacks and their Global Ramifications
Indian Navy successfully organised a seminar on 'Impact of Cyber Attacks on Maritime Sector and Its Effects on National Security and International...
October 25, 2025 07:00 AM
How To Hack Old Navy’s Sale Calendar for Year-Round Savings
Discover the best times to shop Old Navy sales and save up to 60% on clothing, accessories and seasonal essentials.
October 15, 2025 07:00 AM
Network and cyber support contract signed between Sev1Tech and Navy command
WOODBRIDGE, Va. Information-technology and cybersecurity systems integration company Sev1Tech won a $49 million contract under the SeaPort...
September 17, 2025 07:00 AM
Gregory Wilson’s Journey from Navy Kitchen to Cybersecurity Frontier
Gregory Wilson '24 (M.S. '25) came to Old Dominion University to study cybersecurity after deciding to leave the culinary field.
September 16, 2025 07:00 AM
Abbott taps retired Navy admiral to lead San Antonio-based Texas Cyber Command
A retired Navy admiral and longtime cybersecurity expert will be the first boss of the state's new cyber command that's coming to San...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Old Navy CyberSecurity History Information
Official Website of Old Navy
The official website of Old Navy is https://jobs.gapinc.com/old-navy-home.
Old Navy’s AI-Generated Cybersecurity Score
According to Rankiteo, Old Navy’s AI-generated cybersecurity score is 802, reflecting their Good security posture.
How many security badges does Old Navy’ have ?
According to Rankiteo, Old Navy currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Old Navy been affected by any supply chain cyber incidents ?
According to Rankiteo, Old Navy has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Old Navy have SOC 2 Type 1 certification ?
According to Rankiteo, Old Navy is not certified under SOC 2 Type 1.
Does Old Navy have SOC 2 Type 2 certification ?
According to Rankiteo, Old Navy does not hold a SOC 2 Type 2 certification.
Does Old Navy comply with GDPR ?
According to Rankiteo, Old Navy is not listed as GDPR compliant.
Does Old Navy have PCI DSS certification ?
According to Rankiteo, Old Navy does not currently maintain PCI DSS compliance.
Does Old Navy comply with HIPAA ?
According to Rankiteo, Old Navy is not compliant with HIPAA regulations.
Does Old Navy have ISO 27001 certification ?
According to Rankiteo,Old Navy is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Old Navy
Old Navy operates primarily in the Retail industry.
Number of Employees at Old Navy
Old Navy employs approximately 29,072 people worldwide.
Subsidiaries Owned by Old Navy
Old Navy presently has no subsidiaries across any sectors.
Old Navy’s LinkedIn Followers
Old Navy’s official LinkedIn profile has approximately 248,842 followers.
NAICS Classification of Old Navy
Old Navy is classified under the NAICS code 43, which corresponds to Retail Trade.
Old Navy’s Presence on Crunchbase
No, Old Navy does not have a profile on Crunchbase.
Old Navy’s Presence on LinkedIn
Yes, Old Navy maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/gap-inc.-old-navy.
Cybersecurity Incidents Involving Old Navy
As of January 24, 2026, Rankiteo reports that Old Navy has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Old Navy has an estimated 15,595 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Old Navy ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Old Navy detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notification letters mailed to affected individuals on 2025-11-28, offering complimentary credit monitoring services...
Incident Details
Can you provide details on each incident ?
Title: Gap Inc. Data Breach
Description: The Massachusetts Office of Consumer Affairs and Business Regulation reported a data breach involving Gap Inc. on January 25, 2010. The breach affected 1 individual and involved compromised credit/debit numbers from electronic records.
Date Detected: 2010-01-25
Date Publicly Disclosed: 2010-01-25
Type: Data Breach
Title: Gap Data Breach Involving Sensitive Personal and Health Information
Description: Gap reported a data breach to the Attorney General of Vermont, where sensitive personal identifiable information (PII) and protected health information (PHI) may have been compromised. The breach was detected following a network disruption on July 22, 2025. An investigation confirmed unauthorized access to systems, potentially exposing names, Social Security numbers, driver’s license/state ID numbers, medical information, and health insurance details. Notification letters were mailed to affected individuals on November 28, 2025, offering complimentary credit monitoring services.
Date Detected: 2025-07-22
Date Publicly Disclosed: 2025-11-28
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach GAP250071625
Data Compromised: Credit/debit numbers
Payment Information Risk: True
Incident : Data Breach GAP1764815006
Data Compromised: Name, Social security number, Driver’s license/state id number, Medical information, Health insurance information
Brand Reputation Impact: Potential negative impact due to exposure of sensitive PII/PHI
Identity Theft Risk: High (due to exposure of SSNs, driver’s license numbers, and health information)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit/Debit Numbers, , Personally Identifiable Information (Pii), Protected Health Information (Phi) and .
Which entities were affected by each incident ?
Incident : Data Breach GAP250071625
Entity Name: Gap Inc.
Entity Type: Retail
Industry: Retail
Customers Affected: 1
Incident : Data Breach GAP1764815006
Entity Name: Gap Inc.
Entity Type: Retail Corporation
Industry: Apparel and Accessories
Location: Global (HQ: San Francisco, California, USA)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach GAP1764815006
Incident Response Plan Activated: True
Communication Strategy: Notification letters mailed to affected individuals on 2025-11-28, offering complimentary credit monitoring services.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach GAP250071625
Type of Data Compromised: Credit/debit numbers
Number of Records Exposed: 1
Incident : Data Breach GAP1764815006
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)
Sensitivity of Data: High (includes SSNs, driver’s license numbers, medical, and health insurance information)
Data Exfiltration: Potential access or acquisition by unauthorized third party
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach GAP1764815006
Regulatory Notifications: Notified Attorney General of Vermont
References
Where can I find more information about each incident ?
Incident : Data Breach GAP250071625
Source: Massachusetts Office of Consumer Affairs and Business Regulation
Date Accessed: 2010-01-25
Incident : Data Breach GAP1764815006
Source: Attorney General of Vermont - Gap Data Breach Notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Massachusetts Office of Consumer Affairs and Business RegulationDate Accessed: 2010-01-25, and Source: Attorney General of Vermont - Gap Data Breach Notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach GAP1764815006
Investigation Status: Completed (as of November 2025)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notification letters mailed to affected individuals on 2025-11-28 and offering complimentary credit monitoring services..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach GAP1764815006
Customer Advisories: Notification letters sent to affected individuals with details of compromised data and credit monitoring offers.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notification letters sent to affected individuals with details of compromised data and credit monitoring offers..
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2010-01-25.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-28.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were credit/debit numbers, , Name, Social Security number, Driver’s license/state ID number, Medical information, Health insurance information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Health insurance information, credit/debit numbers, Name, Driver’s license/state ID number, Medical information and Social Security number.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Massachusetts Office of Consumer Affairs and Business Regulation and Attorney General of Vermont - Gap Data Breach Notice.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (as of November 2025).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notification letters sent to affected individuals with details of compromised data and credit monitoring offers.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gap-inc.-old-navy' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
