US DOC Security Breach / Data

1. Commerce Department breached



By Judi Hasson Comment | Forward

Pick an agency, any agency, and you may find a data breach or one waiting to happen.

That's the case at the Commerce Department, the latest federal agency to disclose that personal data--including Social Security numbers--had been released on the Internet through an employee's error.

The bigger problem for Commerce is one of disclosure. A Washington Post article reveals that Commerce dragged its feet on notifying employees of the breach. Although agency heads knew about it since early December, employees just received letters mailed to their homes this past Monday.

The letters read as follows:

"A Department of Commerce employee inadvertently transmitted over the Internet a file containing the PII of Commerce employees to other Department employees. Although the Department employees were authorized to send and receive the PII, the transmission of the PII over the Internet in unencrypted form may have compromised your name and SSN."

Commerce took action within hours of this discovery to protect the information. The letter urged workers to contact credit reporting agencies in an attempt to prevent the opening of fraudulent accounts in their names. There was no reason the agency waited so long to send the letter.

It sounds like this is too little, too late. Every time this happens, we call for better training for employees and more safeguards. And then it happens again. The time is ripe for action, not inaction. And government agencies are only making their security headaches worse if nothing is done.

For more on this Commerce breach:
- see this Washington Post article

Related Articles:
Cost of data breaches gets higher
The 10 most terrifying IT debacles of 2009
Another breach: Military laptop stolen
Fed CIO outlines security holes

Read more about: Government Agencies, Department of Commerce, Data Breach