Data Breach Affects About 4,000 Sec Workers-antik

Home / Data Breach Affects About 4,000 Sec Workers-antik

.puters-and-Technology The Los Angeles Times reports on a data breach that affected employees of the federal Securities and Exchange .mission on May 19, 2011. "About 4,000 agency employees, including several in Los Angeles, have been notified that their Social Security numbers and other payroll information were included in an unencrypted email," according to Drew Mal.b, a Department of Interior spokesman. The email was sent on May 4 by a contractor at the department’s National Business Center, which manages payroll, human resources and financial reporting for dozens of federal agencies, Mal.b told the Los Angeles Times. According to Mal.b, Interior Department policies require that sensitive personnel information be encrypted when emailed. But the contractor neglected to encrypt the email, and the software in place to catch such errors did not work properly. "It was a twofold thing," he said. "The contractor forgot and then the software failed or malfunctioned." The employee responsible is now barred from dealing with personal An investigation was launched into the incident at the service center after the data breach was discovered. An assessment of the software and security protocols at the National Business Center is ongoing. Affected employees were notified after the incident and were offered 60 days of free credit monitoring. "There is no indication that the data was intercepted," Mal.b said, adding that personal information was only exposed for about 60 seconds "during the time the email was being sent, from the moment when the person hit send to the time the other person gets it in the inbox." "It was only a 60-second window of vulnerability, but 60 seconds is too long," he added. The National Business Center has dealt with several incidents in the last year regarding lost or leaked employee information. In February 2010, a similar software malfunction almost exposed personnel data, but an employee caught the mistake and the software was later updated. Then in May, a .pact disc that contains personally identifiable information for about 7,500 federal employees had been reported lost by the Interior Department’s shared services centre and has still not been recovered. The incident occurred on or around May 26, 2010, when a procurement specialist at Interior’s National Business Center in Denver reported that the CD could not be located. The disc was sent to the business center by a third-party service provider. However, the data on the CD was claimed to be encrypted and password-protected. Mal.b said the ongoing investigation will focus not only on the software in place but also on security protocols at a broad level at the National Business Center. "The investigation will likely result in a change in software," he said. "I can’t really predict what the investigation will find, but that looks kind of clear." The frequency of data breaches of information details is only going to increase if government departments and organizations fail to pay attention on the vulnerabilities of their information and .work security. Government departments and organizations need to enforce robust information security initiatives, including having a proficiently skilled IT security workforce, in order to prevent cyber attacks and minimize security breaches. Information security professionals can increase their IT security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals. Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar. The 3 days CAST Summit workshop covering current and important security topics such as pe.ration testing, application security, cryptography, .work defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings. About the Author: 相关的主题文章: