An unidentified Hill Air Force Base employee was looking to work from home, but instead had to be “dealt with” after he emailed personal information on hundreds of colleagues to an unprotected personal email address.
How many victims? 525.
What type of personal information? Names and Social Security numbers, among other data.
What happened? Looking to work from home, the employee emailed the data to an unprotected personal email address.
What was the response? The Utah base notified the affected employees by letter, suggesting a 90-day fraud alert be placed on each of their credit files. Hill Air Force Base is reviewing its policies to reduce the chances of this happening again. Recurring training will be provided with emphasis on handling personal information.
Details: The employee sent out the email in the beginning of July. A follow-up investigation determined that the information contained within the email had not been used maliciously. The employee's supervisor has “dealt with the violation,” according to a Hill Air Force Base spokesperson. Hill Air Force Base did not respond to a request from SCMagazine.com for more details.
Quote: “While there is no excuse for violating this policy, I do want to assure you this was not a malicious act,” John Cullinane, director of Hill's 75th Force Support Squadron, said in the letter. “At a minimum, we will be providing additional training to personnel to ensure they understand that personally identifiable information must at all times be treated in a manner that preserves and protects the confidentiality of the data.”
Source: standard.net, Standard-Examiner, “Hill employee personal info improperly transmitted,” Aug. 23, 2013.