Network News

X My Profile
View More Activity

GSA workers informed of personal data breach

By Ed O'Keefe

The personal information of thousands of federal workers is at risk after a General Services Administration worker mistakenly sent the names and Social Security numbers of all of the agency's 12,000 workers to a private e-mail account.

The incident occurred Sept. 16, and GSA security officials learned about it Sept. 22 in a weekly e-mail security report, a spokeswoman said. Workers first learned of the data breach in an agency-wide e-mail sent Sept. 28.

GSA would not say why it waited 12 days to inform workers of the breach. The agency is offering free credit monitoring for a year and $25,000 in identity theft insurance coverage to all workers, according to a letter sent to employees Oct. 25.

The incident was not caused by a system-wide security failure, but by "one person who didn't make a good decision," said GSA spokeswoman Sara Merriam. She could not immediately say if the worker who mistakenly sent the e-mail faced any disciplinary action.

GSA's Office of Inspector General is investigating the incident, a spokesman said.

"I'm very concerned that that situation could have happened at all and then of course once it happened employees needed to know right away to ensure their credit was protected," said John Hanley, president of the National Federation of Federal Employees union representing GSA workers. "I think they should have done something sooner and they should advised all employees immediately when they learned there was a breach."

Personal security breaches are all-too common in the federal workplace. Hackers breached the USAJobs.gov federal jobs database in Jan. 2009, compromising user IDs, passwords, names and addresses. The personal information of about 45,000 Federal Aviation Administration workers was compromised in Feb. 2009.

The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed in July 2009 and the department also faced criticism last January for waiting seven weeks to inform employees of another Dec. 2009 data breach.

GSA is now blocking the delivery of agency e-mails that contain unencrypted Social Security numbers or messages containing numbers formatted in a similar fashion, Merriam said.

Leave your thoughts in the comments section below

By Ed O'Keefe  | November 8, 2010; 12:55 PM ET
Categories:  Agencies and Departments  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Lights out at the Commerce Department
Next: CIA Director Panetta warns employees on leaks

Comments

"GSA is now blocking the delivery of agency e-mails that contain unencrypted Social Security numbers or messages containing numbers formatted in a similar fashion, Merriam said."

Ed, if this is possible, are other agencies doing it? Which ones are, which ones are not? Why/why not? My agency, not named in your article, has experienced at least two similar mishaps. It is entirely inexcusable. Federal workers should simply assume that their private identity information is public.

Posted by: kolonelpanik | November 8, 2010 5:04 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company