About 4,000 employees at the Securities and Exchange Commission have been notified about a breach that may have exposed their Social Security numbers and other payroll information, Los Angeles Times reports.
Drew Malcomb, a Department of Interior spokesman, told Los Angeles Times the sensitive information was included in an unencrypted email sent May 4 by a contractor at the department’s National Business Center, which manages payroll, HR and financial reporting for federal agencies. Interior Department policies require that sensitive personnel information be encrypted when emailed.
But the contractor failed to encrypt the email, and the software in place to catch such errors malfunctioned, Malcomb said.
“There is no indication that the data was intercepted,” he said, adding that personal information was exposed for about 60 seconds, from the time the email was sent to the time it ended up in the recipient’s inbox.
“It was only a 60-second window of vulnerability, but 60 seconds is too long,” he added.