Personal data for current and former employees with the U.S. Securities and Exchange Commission (SEC) was discovered on the computer network of a separate unnamed federal agency.
How many victims? Unknown, but the SEC employs nearly 4,000 people. A letter sent to employees indicates that those employed by the SEC prior to October 2009 are affected.
What type of personal information? Names, birth dates and Social Security numbers, although the SEC letter said there is no evidence data has ended up in the wrong hands.
What happened? According to the letter, a former SEC employee “inadvertently and unknowingly” downloaded the data to a thumb drive and transferred it to the other agency.
What was the response? The SEC secured the thumb drive and eliminated the data from the other agency's network. Affected employees have been offered a free year of credit monitoring services.
Details: The former employee, a new hire, downloaded templates from the SEC and unknowingly downloaded personal data in the process. That information was uploaded to the other agency twice, once in April 2012 and again in June of that year. The incident was discovered during an unrelated security scan 10 months later.
Quote: “We deeply regret this occurrence and apologize for any inconvenience this incident may cause,” according to a letter written by SEC Chief Information Officer Thomas Bayer. “Please be assured that the SEC is committed to protecting the information with which we are entrusted.”
Source: The Hill, thehill.com, “Staff data leaks out of the SEC,” July 25, 2013.