BreachExchange mailing list archives
Commerce Dept. slow to notify employees of security breach
From: kirniki <kirniki () gmail com>
Date: Wed, 27 Jan 2010 20:54:09 -0500
http://www.washingtonpost.com/wp-dyn/content/article/2010/01/26/AR2010012603509.html?hpid=news-col-blog Why did it take the Commerce Department so long to notify employees that their personal information, including Social Security numbers, had been let loose on the Internet? On Monday, employees were informed by letters mailed to their homes about "a breach of protocol involving your Personally Identifiable Information (PII), including your Social Security number (SSN) and name." The breach occurred on Dec. 4 -- more than seven weeks before workers were told. It took Commerce nearly four weeks to prepare the letter, which was dated Dec. 31. [..] According to the letter, "a Department of Commerce employee inadvertently transmitted over the Internet a file containing the PII of Commerce employees to other Department employees. Although the Department employees were authorized to send and receive the PII, the transmission of the PII over the Internet in unencrypted form may have compromised your name and SSN." [..] _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Commerce Dept. slow to notify employees of security breach kirniki (Jan 27)