GSA workers informed of personal data breach
The personal information of thousands of federal workers is at risk after a General Services Administration worker mistakenly sent the names and Social Security numbers of all of the agency's 12,000 workers to a private e-mail account.
The incident occurred Sept. 16, and GSA security officials learned about it Sept. 22 in a weekly e-mail security report, a spokeswoman said. Workers first learned of the data breach in an agency-wide e-mail sent Sept. 28.
GSA would not say why it waited 12 days to inform workers of the breach. The agency is offering free credit monitoring for a year and $25,000 in identity theft insurance coverage to all workers, according to a letter sent to employees Oct. 25.
The incident was not caused by a system-wide security failure, but by "one person who didn't make a good decision," said GSA spokeswoman Sara Merriam. She could not immediately say if the worker who mistakenly sent the e-mail faced any disciplinary action.
GSA's Office of Inspector General is investigating the incident, a spokesman said.
"I'm very concerned that that situation could have happened at all and then of course once it happened employees needed to know right away to ensure their credit was protected," said John Hanley, president of the National Federation of Federal Employees union representing GSA workers. "I think they should have done something sooner and they should advised all employees immediately when they learned there was a breach."
Personal security breaches are all-too common in the federal workplace. Hackers breached the USAJobs.gov federal jobs database in Jan. 2009, compromising user IDs, passwords, names and addresses. The personal information of about 45,000 Federal Aviation Administration workers was compromised in Feb. 2009.
The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed in July 2009 and the department also faced criticism last January for waiting seven weeks to inform employees of another Dec. 2009 data breach.
GSA is now blocking the delivery of agency e-mails that contain unencrypted Social Security numbers or messages containing numbers formatted in a similar fashion, Merriam said.
Leave your thoughts in the comments section below
By
Ed O'Keefe
| November 8, 2010; 12:55 PM ET
Categories:
Agencies and Departments
Save & Share:
Previous: Lights out at the Commerce Department
Next: CIA Director Panetta warns employees on leaks
Posted by: kolonelpanik | November 8, 2010 5:04 PM | Report abuse
The comments to this entry are closed.
"GSA is now blocking the delivery of agency e-mails that contain unencrypted Social Security numbers or messages containing numbers formatted in a similar fashion, Merriam said."
Ed, if this is possible, are other agencies doing it? Which ones are, which ones are not? Why/why not? My agency, not named in your article, has experienced at least two similar mishaps. It is entirely inexcusable. Federal workers should simply assume that their private identity information is public.