US SEC data leak shows lax data access practices
Posted on 26 July 2013.
Bookmark and Share
When a former employee of the US Securities and Exchange Commission left the organization for a job with another federal agency, he "inadvertently and unknowingly" took with him sensitive personal data of SEC employees and transferred it on the computer system of his new employer, The Hill reports.

It all happened when the former SEC employee thought it would be a good idea to download some SEC templates that could be of use at his new job. By doing so, he also accidentally downloaded onto the thumb drive the names, birth dates and Social Security numbers of past and present agency employees.

Once settled in his new job, he uploaded both the templates and the employee data onto his new employer's systems, and repeated the action a few months after because he couldn't locate the documents he uploaded the first time.

It's interesting to note that neither the new employer nor the old one found anything amiss for months after the "breach". It took a random security scan some 10 months later to discover it.

According to the notification letter received by the affected employees, the SEC has seized the thumb drive in question, and all the aforementioned data will be deleted from the other agencies' networks. Just in case, they will receive a free credit monitoring for a year.

As limited and negligible this incident might seem at first glance, it shows that the SEC - and people in the know say other government agencies as well - are really bad at keeping track who's accessing data.

This is also not the first incident of this kind at the SEC, and two recent internal audits showed that the agency is pretty careless when it comes to disabling accounts of staff that left the agency (whether for another one or for an organization in the private sector), and that it allowed employee access to sensitive information from non-government computers.

Given that the SEC works with sensitive financial information that can be easily misused, this should be a wake up call for them to start using data loss/leak prevention solutions.









Spotlight

Nine patterns make up 92 percent of security incidents

Posted on 23 April 2014.  |  Researchers have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //