Data Breach Affects About 4,000 SEC Workers
The Los Angeles Times reports on a data breach that affected employees of the federal Securities and Exchange Commission on May 19, 2011.
"About 4,000 agency employees, including several in Los Angeles, have been notified that their Social Security numbers and other payroll information were included in an unencrypted email," according to Drew Malcomb, a Department of Interior spokesman.
The email was sent on May 4 by a contractor at the department's National Business Center, which manages payroll, human resources and financial reporting for dozens of federal agencies, Malcomb told the Los Angeles Times.
According to Malcomb, Interior Department policies require that sensitive personnel information be encrypted when emailed. But the contractor neglected to encrypt the email, and the software in place to catch such errors did not work properly. "It was a twofold thing," he said. "The contractor forgot and then the software failed or malfunctioned."
The employee responsible is now barred from dealing with personal
An investigation was launched into the incident at the service center after the data breach was discovered. An assessment of the software and security protocols at the National Business Center is ongoing. Affected employees were notified after the incident and were offered 60 days of free credit monitoring.
"There is no indication that the data was intercepted," Malcomb said, adding that personal information was only exposed for about 60 seconds "during the time the email was being sent, from the moment when the person hit send to the time the other person gets it in the inbox."
"It was only a 60-second window of vulnerability, but 60 seconds is too long," he added.
The National Business Center has dealt with several incidents in the last year regarding lost or leaked employee information. In February 2010, a similar software malfunction almost exposed personnel data, but an employee caught the mistake and the software was later updated.
Then in May, a compact disc that contains personally identifiable information for about 7,500 federal employees had been reported lost by the Interior Department's shared services centre and has still not been recovered. The incident occurred on or around May 26, 2010, when a procurement specialist at Interior's National Business Center in Denver reported that the CD could not be located. The disc was sent to the business center by a third-party service provider. However, the data on the CD was claimed to be encrypted and password-protected.
Malcomb said the ongoing investigation will focus not only on the software in place but also on security protocols at a broad level at the National Business Center. "The investigation will likely result in a change in software," he said. "I can't really predict what the investigation will find, but that looks kind of clear."
The frequency of data breaches of information details is only going to increase if government departments and organizations fail to pay attention on the vulnerabilities of their information and network security. Government departments and organizations need to enforce robust information security initiatives, including having a proficiently skilled IT security workforce, in order to prevent cyber attacks and minimize security breaches.
Information security professionals can increase their IT security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it's like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.
Links:
MTS to AVI Conversion software Nowadays, you might be have met this kind of situation that you get a pile of video files in various like MTS, AVI, WMV, MKV and so on Videos transcribed by Sony high definition digital vidicon are always kept with MTS format MTS to AVI features with Converting the original MTS/M2TS videos to AVI, This software support directly import MTS files to the software How to convert MTS to AVI
Convert M4A to MP3 is supporting many popular video and audio formats. It is famous for its excellent quality. M4A to MP3 can simply provide you one good way to convert audio format between many popular formats M4A to MP3
MTS to AVI Converter In the meantime, it apply to nearly all devices: PC, laptop, Apple: iPad, iPod Phone, Sony PSP, Zune, mp4 Players, HTC, Smartphone, Xbox, etc Videos transcribed by Sony high definition digital vidicon are always kept with MTS format Convert MTS to AVI features with You can convert between every video format with it, To efficiently edit and play back the source MTS file Converting MTS to AVI
Logo Design Tips For Becoming A Professional Logo Designer
ACT! Hosting - An Affordable and Flexible CRM Solution
Enterprise Mobility Solutions
"About 4,000 agency employees, including several in Los Angeles, have been notified that their Social Security numbers and other payroll information were included in an unencrypted email," according to Drew Malcomb, a Department of Interior spokesman.
The email was sent on May 4 by a contractor at the department's National Business Center, which manages payroll, human resources and financial reporting for dozens of federal agencies, Malcomb told the Los Angeles Times.
According to Malcomb, Interior Department policies require that sensitive personnel information be encrypted when emailed. But the contractor neglected to encrypt the email, and the software in place to catch such errors did not work properly. "It was a twofold thing," he said. "The contractor forgot and then the software failed or malfunctioned."
The employee responsible is now barred from dealing with personal
An investigation was launched into the incident at the service center after the data breach was discovered. An assessment of the software and security protocols at the National Business Center is ongoing. Affected employees were notified after the incident and were offered 60 days of free credit monitoring.
"There is no indication that the data was intercepted," Malcomb said, adding that personal information was only exposed for about 60 seconds "during the time the email was being sent, from the moment when the person hit send to the time the other person gets it in the inbox."
"It was only a 60-second window of vulnerability, but 60 seconds is too long," he added.
The National Business Center has dealt with several incidents in the last year regarding lost or leaked employee information. In February 2010, a similar software malfunction almost exposed personnel data, but an employee caught the mistake and the software was later updated.
Then in May, a compact disc that contains personally identifiable information for about 7,500 federal employees had been reported lost by the Interior Department's shared services centre and has still not been recovered. The incident occurred on or around May 26, 2010, when a procurement specialist at Interior's National Business Center in Denver reported that the CD could not be located. The disc was sent to the business center by a third-party service provider. However, the data on the CD was claimed to be encrypted and password-protected.
Malcomb said the ongoing investigation will focus not only on the software in place but also on security protocols at a broad level at the National Business Center. "The investigation will likely result in a change in software," he said. "I can't really predict what the investigation will find, but that looks kind of clear."
The frequency of data breaches of information details is only going to increase if government departments and organizations fail to pay attention on the vulnerabilities of their information and network security. Government departments and organizations need to enforce robust information security initiatives, including having a proficiently skilled IT security workforce, in order to prevent cyber attacks and minimize security breaches.
Information security professionals can increase their IT security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it's like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.
Links:
MTS to AVI Conversion software Nowadays, you might be have met this kind of situation that you get a pile of video files in various like MTS, AVI, WMV, MKV and so on Videos transcribed by Sony high definition digital vidicon are always kept with MTS format MTS to AVI features with Converting the original MTS/M2TS videos to AVI, This software support directly import MTS files to the software How to convert MTS to AVI
Convert M4A to MP3 is supporting many popular video and audio formats. It is famous for its excellent quality. M4A to MP3 can simply provide you one good way to convert audio format between many popular formats M4A to MP3
MTS to AVI Converter In the meantime, it apply to nearly all devices: PC, laptop, Apple: iPad, iPod Phone, Sony PSP, Zune, mp4 Players, HTC, Smartphone, Xbox, etc Videos transcribed by Sony high definition digital vidicon are always kept with MTS format Convert MTS to AVI features with You can convert between every video format with it, To efficiently edit and play back the source MTS file Converting MTS to AVI
Logo Design Tips For Becoming A Professional Logo Designer
ACT! Hosting - An Affordable and Flexible CRM Solution
Enterprise Mobility Solutions
