Personal data of 4,000 SEC employees exposed

Share this article:
The personal information of thousands of U.S. Securities and Exchange Commission (SEC) employees was accidentally exposed in an unencrypted email.

How many victims? 4,000.

What type of personal information? Social Security numbers and payroll information.

What happened? The email was sent May 4 by an employee at the U.S. Department of the Interior's National Business Center, a service center in charge of payroll, human resources and financial reporting for dozens of federal agencies, including the SEC. The contractor forgot to encrypt the message, and software in place to detect such an error failed.

Details: The personal data was exposed for about one minute, while in transit. There is no indication that the data was intercepted.

The National Business Center recently has had several other breaches of employee information. In February 2010, a similar software malfunction nearly exposed personnel data, but an employee caught the mistake. Then in May, the center reported that a CD, containing sensitive information on about 7,500 federal employees from several government agencies, was lost.

What was the response? An investigation was launched after the most recent breach was discovered. An assessment of the software and security protocols at the National Business Center is ongoing.

Affected employees are being offered 60 days of free credit monitoring.

Source: Los Angeles Times,, “Email exposed 4,000 Securities and Exchange Commission employees,” May 18, 2011.
Share this article:

Next Article in The Data Breach Blog

Sign up to our newsletters


More in The Data Breach Blog

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.

Document posted to California city website, employee data accessed

In California, a document posted to the City of Encinitas website contained data on hundreds of current and former city staffers.