SEC Suffers Email Encryption Snafu

May 20, 2011 | Filed under: Cyber | Posted by:

About 4,000 employees at the Securities and Exchange Commission have been notified about a breach that may have exposed their Social Security numbers and other payroll information, Los Angeles Times reports.

Drew Malcomb, a Department of Interior spokesman, told Los Angeles Times the sensitive information was included in an unencrypted email sent May 4 by a contractor at the department’s National Business Center, which manages payroll, HR and financial reporting for federal agencies. Interior Department policies require that sensitive personnel information be encrypted when emailed.

But the contractor failed to encrypt the email, and the software in place to catch such errors malfunctioned, Malcomb said.

“There is no indication that the data was intercepted,” he said, adding that personal information was exposed for about 60 seconds, from the time the email was sent to the time it ended up in the recipient’s inbox.

“It was only a 60-second window of vulnerability, but 60 seconds is too long,” he added.

 

Related posts:

  1. UK Treasury Suffers Daily Cyber Attacks
  2. Journalists’ Email Hacked in China
  3. Energy Department Lab Suffers Cyber Attack
  4. Chinese Want to See Encryption Info
  5. New Phishing Scam Targets US Businesses with Fake Email from BBB

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>