Establishing Digital Trust: Don't Sacrifice Security for Convenience
The Hill reports that the U.S. Securities and Exchange Commission (SEC) recently warned its staff that current and former SEC employees' personal information was recently found on the networks of another, unidentified federal agency (h/t DataBreaches.net).
According to a letter sent on July 8, 2013 from SEC chief information officer Thomas Bayer to those affected, a former SEC employee inadvertently downloaded employees' names, birthdates and Social Security numbers on a thumb drive, then transferred them to the other agency.
The employee had apparently downloaded "templates" to be used in his new job, without realizing that he was also downloading the personal data in the process.
The SEC didn't learn of the breach until 10 months later. It's unclear from the letter how many employees' personal information was exposed, though the breach apparently affects employees who worked at the SEC prior to October 2009. The SEC says there's no indication that the data was inappropriately accessed.
Still, Hester Peirce, a former SEC staff attorney who was affected by the breach, asked The Hill, "What if he'd gone to the private sector? What if he'd dropped that thumb drive somewhere, with mine, and I'm assuming quite a few other people's personal information?"
All those affected are being offered a year of free credit monitoring services.