GSA employee's error exposes entire staff to potential identity theft

Agency is offering one year of insurance

An employee at the General Services Administration e-mailed the names and Social Security numbers of the agency’s entire staff to a private e-mail address, leaving GSA workers exposed to potential identity theft, according to published reports.

GSA sent a letter alerting its 12,000 employees in late October, about a month after discovering the breach in September -- and nearly six weeks after it had happened, reported Ashley Southall in a Nov. 6 article in the New York Times. GSA had alerted them earlier via e-mail, but some agency employees told Southall that they often ignored these alerts due to the high volume of alerts they receive.

Previous GCN coverage has shown that e-mail remains the top source for data breaches, according to a survey released by Proofpoint, an e-mail security and data loss prevention company, and conducted by Osterman Research. The biggest data threats come from inside a company, often as a result of accidents or carelessness by employees, according to a survey by Forrester Research.

GSA informed employees that the worker had sent the file accidentally and that it had not been forwarded. GSA technicians removed the information from the recipient’s computer and e-mail, the Times reported.

In the letter, signed by GSA’s CIO Casey Coleman and Gail Lovelace, the agency’s privacy official, GSA provided employees with $25,000 in identity theft insurance coverage and credit monitoring for a year in response to the incident.

GSA’s Inspector General Brian Miller is investigating the incident, the Times reported.

Employees could still be vulnerable after a year and the delay in notifying employees puts them at greater risk, said Jack Hanley, who leads a council representing approximately 4,000 GSA employees who are members of the National Federation of Federal Employees Union, according to the Times.

About the Author

Kathleen Hickey is a freelance writer for GCN.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.