Linda Ronstadt sings about the SEC’s email security
The Securities and Exchange Commission recently had a data breach that was caused by the failure of their email encryption product to actually encrypt when it was supposed to. This breach resulted in the exposure of the Social Security numbers and other payroll information of over 4,000 of their employees.
The May 4 email was sent by a contractor at the department's National Business Center, which manages payroll, human resources and financial reporting for dozens of federal agencies, Malcomb said. Interior Department policies require that sensitive personnel information be encrypted when emailed.
But the contractor neglected to encrypt the email, and the software in place to catch such errors did not work properly, Malcomb said.
"It was a twofold thing," he said. "The contractor forgot, and then the software failed or malfunctioned."