GSA employee's error exposes entire staff to potential identity theft

Agency is offering one year of insurance

An employee at the General Services Administration e-mailed the names and Social Security numbers of the agency’s entire staff to a private e-mail address, leaving GSA workers exposed to potential identity theft, according to published reports.

GSA sent a letter alerting its 12,000 employees in late October, about a month after discovering the breach in September -- and nearly six weeks after it had happened, reported Ashley Southall in a Nov. 6 article in the New York Times. GSA had alerted them earlier via e-mail, but some agency employees told Southall that they often ignored these alerts due to the high volume of alerts they receive.

Previous GCN coverage has shown that e-mail remains the top source for data breaches, according to a survey released by Proofpoint, an e-mail security and data loss prevention company, and conducted by Osterman Research. The biggest data threats come from inside a company, often as a result of accidents or carelessness by employees, according to a survey by Forrester Research.

GSA informed employees that the worker had sent the file accidentally and that it had not been forwarded. GSA technicians removed the information from the recipient’s computer and e-mail, the Times reported.

In the letter, signed by GSA’s CIO Casey Coleman and Gail Lovelace, the agency’s privacy official, GSA provided employees with $25,000 in identity theft insurance coverage and credit monitoring for a year in response to the incident.

GSA’s Inspector General Brian Miller is investigating the incident, the Times reported.

Employees could still be vulnerable after a year and the delay in notifying employees puts them at greater risk, said Jack Hanley, who leads a council representing approximately 4,000 GSA employees who are members of the National Federation of Federal Employees Union, according to the Times.

About the Author

Kathleen Hickey is a freelance writer for GCN.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.