Personal data of 4,000 SEC employees exposed

Share this article:
The personal information of thousands of U.S. Securities and Exchange Commission (SEC) employees was accidentally exposed in an unencrypted email.

How many victims? 4,000.

What type of personal information? Social Security numbers and payroll information.

What happened? The email was sent May 4 by an employee at the U.S. Department of the Interior's National Business Center, a service center in charge of payroll, human resources and financial reporting for dozens of federal agencies, including the SEC. The contractor forgot to encrypt the message, and software in place to detect such an error failed.

Details: The personal data was exposed for about one minute, while in transit. There is no indication that the data was intercepted.

The National Business Center recently has had several other breaches of employee information. In February 2010, a similar software malfunction nearly exposed personnel data, but an employee caught the mistake. Then in May, the center reported that a CD, containing sensitive information on about 7,500 federal employees from several government agencies, was lost.

What was the response? An investigation was launched after the most recent breach was discovered. An assessment of the software and security protocols at the National Business Center is ongoing.

Affected employees are being offered 60 days of free credit monitoring.

Source: Los Angeles Times,, “Email exposed 4,000 Securities and Exchange Commission employees,” May 18, 2011.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Next Article in The Data Breach Blog

Sign up to our newsletters



More in The Data Breach Blog

Two laptops containing patient data stolen from American Family Care

The two laptops stolen from American Family Care were password protected, yet unencrypted, and may have contained Social Security numbers.

Viator investigates payment card breach, notifies 1.44 million customers

More than 1.4 million Viator customers are being notified that their personal data, including payment card information, may have been compromised.

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.