Email exposed 4,000 Securities and Exchange Commission employees
The Securities and Exchange Commission is having some security problems.
About 4,000 agency employees, including several in Los Angeles, have been notified that their social security numbers and other payroll information were included accidentally in an unencrypted email, said Drew Malcomb, an Interior Department spokesman.
The May 4 email was sent by a contractor at the Interior Department’s National Business Center, a service center in charge of payroll, human resources and financial reporting for dozens of federal agencies, Malcomb said.
The contractor forgot to encrypt the email, and the software in place to catch such errors also failed and let the email through, he said.
“It was a twofold thing,” he said. “The contractor forgot and then the software failed or malfunctioned.”
An investigation was launched into the incident at the service center after the data breach was discovered. Affected employees are being offered 60 days of free credit monitoring.
“There is no indication that the data was intercepted,” Malcomb said, adding that personal information was only exposed for about 60 seconds “during the time the email was being sent, from the moment when the person hit send to the time the other person gets it in the inbox.”
“It was only a 60-second window of vulnerability, but 60 seconds is too long,” he said.
The National Business Center has dealt with several incidents in the last year regarding lost or leaked employee information. In February 2010, a similar software malfunction almost exposed personnel data, but an employee caught the mistake and the software was later updated, Malcomb said. Then in May, the center reported that a CD containing sensitive information on about 7,500 federal employees in several government agencies was lost and has still not been recovered.
Malcomb said the ongoing investigation will focus not only on the software in place but also on security protocols at a broad level at the National Business Center.
“The investigation will likely result in a change in software,” he said. “I can’t really predict what the investigation will find, but that looks kind of clear.”
-- Shan Li
Photo: A logo for the National Business Center. Credit: The National Business Center's website.