Phishing attack leads to breach at government agency

The U.S. Commodity Futures Trading Commission (CFTC), the country's top derivatives regulator, suffered a data breach which exposed the Social Security numbers and other personal information of its employees.

How many victims? 700

What type of personal information? Social Security numbers and other personal employee information.

What happened? After receiving a phishing email, a CFTC employee submitted information to a phony website allowing saboteurs to gain access to their account, which subsequently enabled access to sensitive data belonging to employees.

Details: The hijacked email account contained emails and attachments with the names, Social Security numbers and other personal data belonging to CFTC employees, according to the agency's account of the event. An agency spokesman said the compromised information did not include any trading or market data.

What was done: Additional security controls have been added to the computer systems and staff training has increased for those who handle private information. Free identity protection has been arranged for employees.

Quote: "The CFTC believes at this time that the data breach is contained to employee information and does not compromise any trading or market data," John Rogers, chief information officer at the CFTC, said.

Source: businessweek.com, Bloomberg, “CFTC Data Breach Risks Employees' Social Security Numbers,” June 25, 2012.