Data breach affects about 4,000 SEC workers

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.latimes.com/business/la-fi-sec-security-20110519,0,5665948.story

By Shan Li
Los Angeles Times
May 19, 2011

The Securities and Exchange Commission is having some security problems of 
its own.

About 4,000 agency employees, including several in Los Angeles, have been 
notified that their Social Security numbers and other payroll information 
were included in an unencrypted email, according to Drew Malcomb, a 
Department of Interior spokesman.

The May 4 email was sent by a contractor at the department's National 
Business Center, which manages payroll, human resources and financial 
reporting for dozens of federal agencies, Malcomb said. Interior 
Department policies require that sensitive personnel information be 
encrypted when emailed.

But the contractor neglected to encrypt the email, and the software in 
place to catch such errors did not work properly, Malcomb said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/