Old Navy
Company Details
Linkedin ID:
gap-inc.-old-navy
Employees number:
29,072
Number of followers:
248,842
NAICS:
43
Industry Type:
Homepage:
gapinc.com
IP Addresses:
0
Company ID:
OLD_1717290
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Old Navy Vendor Cyber Rating & Cyber Score
gapinc.comForget what you know about old-school industry rules. When you work at Old Navy, you’re choosing a different path. From day one, we’ve been on a mission to democratize fashion and make shopping fun again. Our teams make style accessible to everyone, creating high-quality, must-have fashion essentials for the whole family, with love, season after season. We opened our first store in 1994 in San Francisco and have been on a roll ever since. Today, customers can find fabulous fashion at affordable prices online and in one of our 1,000+ stores globally. Old Navy celebrates a workplace that’s just as diverse as our customers. Fun, fashion, family and value are at the heart of everything we do. We cultivate a community of playful personalities that thrive in a fast-paced environment where our employees can be their most authentic selves. Here, we’re family. Old Navy – a brand for everyone, a place for you!
Old Navy A.I CyberSecurity Scoring
Old Navy Risk Score (AI oriented)Between 800 and 849
Old Navy
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Old Navy Global Score (TPRM)XXXX
Old Navy
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Old Navy Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
Gap Inc.: Gap International Data Breach Investigation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Recently, Gap reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, on July 22, 2025, Gap experienced a network disruption.1 As a result, Gap launched an investigation to determine the nature of the incident. Through its investigation, Gap confirmed that sensitive personal information in its systems may have been accessed or acquired by an unauthorized third party during the breach. As a result, Gap began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes: Name Social Security number Driver’s license or state ID number Medical information Health insurance information On November 28, 2025, Gap began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, Gap is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the breach notification letters that Gap filed with the Attorney General of Vermont is below.
Gap Inc.
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: The Massachusetts Office of Consumer Affairs and Business Regulation reported a data breach involving Gap Inc. on January 25, 2010. The breach affected 1 individual and involved compromised credit/debit numbers from electronic records.
Old Navy Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Old Navy
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Old Navy in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Old Navy in 2026.
Incident Types Old Navy vs Retail Industry Avg (This Year)
No incidents recorded for Old Navy in 2026.
Incident History — Old Navy (X = Date, Y = Severity)
Old Navy cyber incidents detection timeline including parent company and subsidiaries
Old Navy Company Subsidiaries
Forget what you know about old-school industry rules. When you work at Old Navy, you’re choosing a different path. From day one, we’ve been on a mission to democratize fashion and make shopping fun again. Our teams make style accessible to everyone, creating high-quality, must-have fashion essentials for the whole family, with love, season after season. We opened our first store in 1994 in San Francisco and have been on a roll ever since. Today, customers can find fabulous fashion at affordable prices online and in one of our 1,000+ stores globally. Old Navy celebrates a workplace that’s just as diverse as our customers. Fun, fashion, family and value are at the heart of everything we do. We cultivate a community of playful personalities that thrive in a fast-paced environment where our employees can be their most authentic selves. Here, we’re family. Old Navy – a brand for everyone, a place for you!
Loading...
Old Navy Similar Companies
Colruyt Group
Colruyt Group operates in the food and non-food distribution sector in Belgium, France and Luxembourg with more than 700 own stores and over 1.000 affiliated stores. In Belgium, this includes Colruyt Lowest Prices, Okay, Comarkt, Bio-Planet, Cru, Bike Republic, Zeb, PointCarré, The Fashion Store and
At Starbucks, we like to say that we are not in the coffee business serving people, but in the people business serving coffee. Here, our employees - who we call partners – are the heart of the Starbucks experience, and being a partner means aspiring to become part of something bigger: inspiring posi
Argos
Since 1973, Argos has been growing, and fast, and today we’re proud to be one of the nation’s biggest omnichannel retailers. As we’ve gone digital in a big way over the years, our business has changed massively, but our commitment and passion for our values and customers remains just as strong. Fr
Indomaret Group
Originated from the idea to facilitate the provision of employees’ basic daily needs, a store, known as Indomaret, was established in 1988. As the store developed, the Company were interested to further explore and understand the consumers’ various needs and shopping behaviors. Hence, several employ
Morrisons
Our team of friendly faces works as one to provide shopping trips and a career experience you won’t find anywhere else. Together we work the Morrisons way. Constantly looking to do things even better, we work in partnership with our communities, colleagues, suppliers and British farmers to provide
PUMA Group
PUMA is one of the world’s leading sports brands, designing, developing, selling and marketing footwear, apparel and accessories. For more than 75 years, PUMA has relentlessly pushed sport and culture forward by creating fast products for the world’s fastest athletes. PUMA offers performance and spo
H-E-B
H-E-B is headquartered in San Antonio, Texas with approximately $46 billion in revenue and 160,000+ Partners. Founded in 1905, H-E-B operates more than 435 stores in a number of formats, including H-E-B, Joe V’s Smart Shop, Central Market, Mi Tienda, and Favor. There are truly aisles and aisles of
Grupo Éxito
En Grupo Éxito evolucionamos junto a nuestros clientes, adaptándonos a las nuevas formas de consumo a través de la innovación, la transformación digital, las experiencias y la sostenibilidad. Como parte de la plataforma de retail más grande de Suramérica, estamos presentes en Colombia con las marcas
Marisa S.A.
Marisa S.A. is the largest Brazilian department store chain specialized in women’s clothing based on the number of stores in Brazil. The Company’s business strategy and operations focus primarily on middle-lower income women between the ages of 20 and 35. The Company’s target customers are members o
.png)
Old Navy CyberSecurity News
March 26, 2026 03:04 PM
Australia's cyber security chief says Austal defense hack investigation may take years
By Colin Packham SYDNEY (Reuters) - Australia's chief cyber security chief said on Tuesday an investigation into the hacking of defense...
March 20, 2026 10:52 AM
Private equity firm STG takes 70 percent stake in cybersecurity firm RedSeal
The deal, shared with Reuters a day ahead of the official announcement, follows a slew of acquisitions in the cybersecurity sector by private equity firms...
March 05, 2026 08:00 AM
Historic winter storms weigh on Gap, Old Navy performance after 800 temporary store closures
Gap has been on a steady upswing of growth but saw worse than expected results during its holiday quarter after historic winter storms led...
February 10, 2026 08:00 AM
Old Navy is selling high-waisted leggings for $20 that are available up to size 4X
The High-Waisted PowerChill Leggings, which come in seven colors, are 33% off at Old Navy.
February 05, 2026 08:00 AM
I Found The Best Old Navy Promo Codes And Deals This Week
Our editors are monitoring the best Old Navy promo codes and deals. Here's how to save this week.
February 03, 2026 08:00 AM
Business Notes: Feds recognize ODU cybersecurity school; submarine reaches milestone in Newport News
Former Gov. Glenn Youngkin made the following appointments to state authorities, boards and committees: Ashley McLeod of Virginia Beach,...
January 30, 2026 08:00 AM
Old Navy’s stylish crew-neck T-shirts are just $7 for a limited time
Shopping around for some comfortable, reliable, great-looking shirts to build out your wardrobe? Stock up on Old Navy Crew-Neck T-Shirts at...
January 29, 2026 08:00 AM
Old Dominion University Researchers Partner with U.S. Cyber Command to Solve National Cybersecurity Challenges
Old Dominion University's nationally recognized School of Cybersecurity has begun work with U.S. Cyber Command to address pressing national...
December 15, 2025 08:00 AM
Old Dominion University Becomes First University to Earn NSA Cybersecurity Validation for AI Academic Programs
Old Dominion University's School of Cybersecurity is setting a new national benchmark in cybersecurity education by becoming the first...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Old Navy CyberSecurity History Information
Official Website of Old Navy
The official website of Old Navy is https://jobs.gapinc.com/old-navy-home.
Old Navy’s AI-Generated Cybersecurity Score
According to Rankiteo, Old Navy’s AI-generated cybersecurity score is 802, reflecting their Good security posture.
How many security badges does Old Navy’ have ?
According to Rankiteo, Old Navy currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Old Navy been affected by any supply chain cyber incidents ?
According to Rankiteo, Old Navy has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Old Navy have SOC 2 Type 1 certification ?
According to Rankiteo, Old Navy is not certified under SOC 2 Type 1.
Does Old Navy have SOC 2 Type 2 certification ?
According to Rankiteo, Old Navy does not hold a SOC 2 Type 2 certification.
Does Old Navy comply with GDPR ?
According to Rankiteo, Old Navy is not listed as GDPR compliant.
Does Old Navy have PCI DSS certification ?
According to Rankiteo, Old Navy does not currently maintain PCI DSS compliance.
Does Old Navy comply with HIPAA ?
According to Rankiteo, Old Navy is not compliant with HIPAA regulations.
Does Old Navy have ISO 27001 certification ?
According to Rankiteo,Old Navy is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Old Navy
Old Navy operates primarily in the Retail industry.
Number of Employees at Old Navy
Old Navy employs approximately 29,072 people worldwide.
Subsidiaries Owned by Old Navy
Old Navy presently has no subsidiaries across any sectors.
Old Navy’s LinkedIn Followers
Old Navy’s official LinkedIn profile has approximately 248,842 followers.
NAICS Classification of Old Navy
Old Navy is classified under the NAICS code 43, which corresponds to Retail Trade.
Old Navy’s Presence on Crunchbase
No, Old Navy does not have a profile on Crunchbase.
Old Navy’s Presence on LinkedIn
Yes, Old Navy maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/gap-inc.-old-navy.
Cybersecurity Incidents Involving Old Navy
As of April 02, 2026, Rankiteo reports that Old Navy has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Old Navy has an estimated 15,730 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Old Navy ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Old Navy detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notification letters mailed to affected individuals on 2025-11-28, offering complimentary credit monitoring services...
Incident Details
Can you provide details on each incident ?
Title: Gap Inc. Data Breach
Description: The Massachusetts Office of Consumer Affairs and Business Regulation reported a data breach involving Gap Inc. on January 25, 2010. The breach affected 1 individual and involved compromised credit/debit numbers from electronic records.
Date Detected: 2010-01-25
Date Publicly Disclosed: 2010-01-25
Type: Data Breach
Title: Gap Data Breach Involving Sensitive Personal and Health Information
Description: Gap reported a data breach to the Attorney General of Vermont, where sensitive personal identifiable information (PII) and protected health information (PHI) may have been compromised. The breach was detected following a network disruption on July 22, 2025. An investigation confirmed unauthorized access to systems, potentially exposing names, Social Security numbers, driver’s license/state ID numbers, medical information, and health insurance details. Notification letters were mailed to affected individuals on November 28, 2025, offering complimentary credit monitoring services.
Date Detected: 2025-07-22
Date Publicly Disclosed: 2025-11-28
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach GAP250071625
Data Compromised: Credit/debit numbers
Payment Information Risk: True
Incident : Data Breach GAP1764815006
Data Compromised: Name, Social security number, Driver’s license/state id number, Medical information, Health insurance information
Brand Reputation Impact: Potential negative impact due to exposure of sensitive PII/PHI
Identity Theft Risk: High (due to exposure of SSNs, driver’s license numbers, and health information)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credit/Debit Numbers, , Personally Identifiable Information (Pii), Protected Health Information (Phi) and .
Which entities were affected by each incident ?
Incident : Data Breach GAP250071625
Entity Name: Gap Inc.
Entity Type: Retail
Industry: Retail
Customers Affected: 1
Incident : Data Breach GAP1764815006
Entity Name: Gap Inc.
Entity Type: Retail Corporation
Industry: Apparel and Accessories
Location: Global (HQ: San Francisco, California, USA)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach GAP1764815006
Incident Response Plan Activated: True
Communication Strategy: Notification letters mailed to affected individuals on 2025-11-28, offering complimentary credit monitoring services.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach GAP250071625
Type of Data Compromised: Credit/debit numbers
Number of Records Exposed: 1
Incident : Data Breach GAP1764815006
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)
Sensitivity of Data: High (includes SSNs, driver’s license numbers, medical, and health insurance information)
Data Exfiltration: Potential access or acquisition by unauthorized third party
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach GAP1764815006
Regulatory Notifications: Notified Attorney General of Vermont
References
Where can I find more information about each incident ?
Incident : Data Breach GAP250071625
Source: Massachusetts Office of Consumer Affairs and Business Regulation
Date Accessed: 2010-01-25
Incident : Data Breach GAP1764815006
Source: Attorney General of Vermont - Gap Data Breach Notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Massachusetts Office of Consumer Affairs and Business RegulationDate Accessed: 2010-01-25, and Source: Attorney General of Vermont - Gap Data Breach Notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach GAP1764815006
Investigation Status: Completed (as of November 2025)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notification letters mailed to affected individuals on 2025-11-28 and offering complimentary credit monitoring services..
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach GAP1764815006
Customer Advisories: Notification letters sent to affected individuals with details of compromised data and credit monitoring offers.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Notification letters sent to affected individuals with details of compromised data and credit monitoring offers..
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2010-01-25.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-28.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were credit/debit numbers, , Name, Social Security number, Driver’s license/state ID number, Medical information, Health insurance information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Driver’s license/state ID number, Name, Medical information, Health insurance information, credit/debit numbers and Social Security number.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Attorney General of Vermont - Gap Data Breach Notice and Massachusetts Office of Consumer Affairs and Business Regulation.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (as of November 2025).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Notification letters sent to affected individuals with details of compromised data and credit monitoring offers.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gap-inc.-old-navy' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
