BreachExchange mailing list archives

Commerce Dept. slow to notify employees of security breach


From: kirniki <kirniki () gmail com>
Date: Wed, 27 Jan 2010 20:54:09 -0500

http://www.washingtonpost.com/wp-dyn/content/article/2010/01/26/AR2010012603509.html?hpid=news-col-blog

Why did it take the Commerce Department so long to notify employees
that their personal information, including Social Security numbers,
had been let loose on the Internet?

On Monday, employees were informed by letters mailed to their homes
about "a breach of protocol involving your Personally Identifiable
Information (PII), including your Social Security number (SSN) and
name."

The breach occurred on Dec. 4 -- more than seven weeks before workers
were told. It took Commerce nearly four weeks to prepare the letter,
which was dated Dec. 31.

[..]

According to the letter, "a Department of Commerce employee
inadvertently transmitted over the Internet a file containing the PII
of Commerce employees to other Department employees. Although the
Department employees were authorized to send and receive the PII, the
transmission of the PII over the Internet in unencrypted form may have
compromised your name and SSN."

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
