In a new attempt to fight off various security and data breaches, JC Penney Corporation implemented a new security feature involving naming conventions.

From their internal memo:

“Effective April 1st, 2015, all JC Penney Corporation employees (both part-time, full-time and management) will be required to change their legal names on a regular basis.  This is to deny unauthorized access to this critical information.  Hackers (especially ones using Social Engineering) often use personal information such as an employee’s name to gain trust and access to sensitive corporate information.

By requiring the change we seek to limit the amount of time a lost, stolen, or forged credential (in this case a name) can be used by someone else. If a membership card expires after a year, then if someone steals that card he can at most get a year’s worth of benefit out of it. After that, it’s useless.

So too an employee’s name.

JC Penney will help assume the costs of employees changing their name with up to a $75 reimbursement.  Expenses must be validated with a copy of the invoice and submitted to their department head.

New names must pass complexity rules, which include:

New name must have a minimum of 8 characters

New name must include a symbol or numeric

New name must include an upper-case and a lower-case letter

You cannot reuse a name

Questions?  Please contact Tom Jacobs in HR.  If this is after April 1st, contact @pr1L pHeweLZ!”