E-mail breach exposes SEC employees data
Personal information on about 4,000 Securities and Exchange Commission employees was exposed, albeit briefly, in an unencrypted e-mail sent May 4 by a contractor, the Los Angeles Times reports.
The e-mail, sent by a contractor at the Interior Department’s National Business Center, included the Social Security numbers and other payroll information for the employees, but was exposed for only about 60 seconds, an Interior spokesman told the Times.
NBC provides agencies with large-scale computing services to manage payrolls, finances and human resources.
The Interior spokesman said the contractor forgot to encrypt the e-mail and then a backup software program intended to detect unencrypted messages also failed, the Times reported. The data was exposed only for the time from the e-mail was sent to when it was received, which he estimated to be about 60 seconds, and the spokesman said there was no indication it was intercepted.
"It was only a 60-second window of vulnerability,” he told the Times, “but 60 seconds is too long."
Connect with the GCN staff on Twitter @GCNtech.