Email Exposed 4.000 Securities And Exchange Commission Employees

By Author: Apple Tan
Total Articles: 68
Comment this article

An Interior Department payroll processing center that provides services to several agencies unintentionally exposed the full names and Social Security numbers of nearly 4,000 Securities and Exchange Commission employees earlier this month, according to Interior officials.
On May 4, a customer support contractor inadvertently replied to a routine question from an SEC employee in an unprotected email format, and a device that was supposed to block outbound emails containing personal information failed to catch the error. A second detection system immediately notified the center’s staff about the problem, Interior spokesman, Drew Malcomb said.
Officials have no indication any information was intercepted by intruders during the approximately 60 seconds the data was in transit. Nor was sensitive information from other agencies or employees affected by the lapse at the Interior’s National Business Center, a shared services facility that handles administrative work for the Transportation and Defense departments, among others.
An investigation was launched into the incident at the service center after the ...
... data breach was discovered. An assessment of the software and security protocols at the National Business Center is ongoing. While they are not aware of any instances of identity theft, officials sent a letter to all affected employees offering 60 days of free credit-monitoring services.
The National Business Center has dealt with several incidents in the last year regarding lost or leaked employee information. In February 2010, a similar software malfunction almost exposed personnel data, but an employee caught the mistake and the software was later updated.
Then in May, a compact disc that contains personally identifiable information for about 7,500 federal employees had been reported lost by the Interior Department’s shared services centre and has still not been recovered. The incident occurred on or around May 26, 2010, when a procurement specialist at Interior’s National Business Center in Denver reported that the CD could not be located. The disc was sent to the business center by a third-party service provider. However, the files on the CD were encrypted and password-protected, so the chances of the information falling into the wrong hands were low, officials said at the time.
Such exposures of unencrypted personal information go unnoticed almost daily because they are not reported, according to John Gilligan, a member of the Obama-Biden transition team who helped formulate the administration’s information technology policies in defense and intelligence. Making matters worse, he says, is that many federal IT systems do not automatically protect with code, or encrypt, sensitive information.
“We put the burden of encryption on lots of individuals, many of whom are busy,” said Gilligan, previously a chief information officer at the Air Force and Energy departments. “It’s not that it’s not possible to do. Computers are very powerful. The developers have not yet really said, ‘Ah, this is a design problem, not a human problem.’ The government should start requiring vendors to configure their software in a secure manner before deploying it,” he added.
The frequency of data breaches of information details is only going to increase if government departments and organizations fail to pay attention on the vulnerabilities of their information and network security. Government departments and organizations need to enforce robust information security initiatives, including having a proficiently skilled IT security workforce, in order to prevent cyber attacks and minimize security breaches.
Information security professionals can increase their IT security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).