E-mail breach exposes SEC employees’ data

Personal information on about 4,000 Securities and Exchange Commission employees was exposed, albeit briefly, in an unencrypted e-mail sent May 4 by a contractor, the Los Angeles Times reports.

The e-mail, sent by a contractor at the Interior Department’s National Business Center, included the Social Security numbers and other payroll information for the employees, but was exposed for only about 60 seconds, an Interior spokesman told the Times.

NBC provides agencies with large-scale computing services to manage payrolls, finances and human resources.

The Interior spokesman said the contractor forgot to encrypt the e-mail and then a backup software program intended to detect unencrypted messages also failed, the Times reported. The data was exposed only from the time the e-mail was sent to when it was received, which he estimated to be about 60 seconds, and the spokesman said there was no indication it was intercepted.

“It was only a 60-second window of vulnerability,” he told the Times, “but 60 seconds is too long.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Reader Comments

Sun, May 22, 2011 SendInc Dallas

The email protocol, while capable of supporting encryption, doesn’t have any reliable way to guarantee or enforce end-to-end encryption. Even services like Gmail that support encryption between your computer and their service can’t guarantee your message will be transmitted securely between their mail server and your recipient’s mail server. This is because if the recipient’s mail server doesn’t support encryption (which it often doesn’t) Gmail is forced to fall back to transmitting your message in plain text. The same goes for essentially all personal and corporate mail environments.
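
An added example, not part of the article or the reader comment above: a minimal outbound check of the kind the article says failed, written in Python. Because transport encryption between mail servers cannot be guaranteed, it inspects the message itself: S/MIME or PGP/MIME encrypted mail passes, cleartext containing SSN-like values is blocked, and anything it cannot parse is held. The function names, sample messages and SSN pattern are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy

# SSN-shaped values (3-2-4 digits); area numbers 000, 666 and 9xx are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}[- ]\d{2}[- ]\d{4}\b")

def is_end_to_end_encrypted(msg):
    """True only for S/MIME enveloped-data or PGP/MIME (RFC 3156) messages."""
    ctype = msg.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return msg.get_param("smime-type") == "enveloped-data"
    if ctype == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    return False

def outbound_decision(raw):
    """Return (action, reason); a message that cannot be inspected is held."""
    try:
        msg = message_from_bytes(raw, policy=policy.default)
        if is_end_to_end_encrypted(msg):
            return "allow", "body is encrypted end to end"
        hits = len(SSN_RE.findall(str(msg["Subject"] or "")))
        for part in msg.walk():
            if part.is_multipart():
                continue
            if part.get_content_maintype() == "text":
                text = part.get_content()  # raises on an unknown charset
            else:  # attachments: scan the decoded bytes as text
                text = (part.get_payload(decode=True) or b"").decode("latin-1")
            hits += len(SSN_RE.findall(text))
    except Exception as exc:  # fail closed: never pass what was not checked
        return "hold", f"could not inspect message: {exc!r}"
    if hits:
        return "block", f"{hits} SSN-like value(s) in cleartext"
    return "allow", "no SSN-like values found"

# Constructed sample messages (not data from the incident).
HEAD = b"From: payroll@example.gov\r\nTo: hr@example.gov\r\nSubject: extract\r\n"
ROWS = b"Doe, Jane 123-45-6789\r\nRoe, Rich 111-22-3333\r\n"
CLEAR = HEAD + b"Content-Type: text/plain; charset=utf-8\r\n\r\n" + ROWS
SMIME = (HEAD + b"Content-Type: application/pkcs7-mime; smime-type=enveloped-data\r\n"
         b"Content-Transfer-Encoding: base64\r\n\r\nTUlJQg==\r\n")
ODD = HEAD + b"Content-Type: text/plain; charset=no-such-charset\r\n\r\n" + ROWS

if __name__ == "__main__":
    for name, raw in (("clear", CLEAR), ("smime", SMIME), ("odd", ODD)):
        print(name, outbound_decision(raw))
```

The third sample is the failure mode that matters here: a checker that passes mail it could not read repeats the second failure the article describes, so the parse error results in a hold rather than an allow.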
