GSA employee's error exposes entire staff to potential identity theft

Agency is offering one year of insurance

An employee at the General Services Administration e-mailed the names and Social Security numbers of the agency’s entire staff to a private e-mail address, leaving GSA workers exposed to potential identity theft, according to published reports.

GSA sent a letter alerting its 12,000 employees in late October, about a month after discovering the breach in September -- and nearly six weeks after it had happened, reported Ashley Southall in a Nov. 6 article in the New York Times. GSA had alerted them earlier via e-mail, but some agency employees told Southall that they often ignored these alerts due to the high volume of alerts they receive.

Previous GCN coverage has shown that e-mail remains the top source for data breaches, according to a survey released by Proofpoint, an e-mail security and data loss prevention company, and conducted by Osterman Research. The biggest data threats come from inside a company, often as a result of accidents or carelessness by employees, according to a survey by Forrester Research.

GSA informed employees that the worker had sent the file accidentally and that it had not been forwarded. GSA technicians removed the information from the recipient’s computer and e-mail, the Times reported.

In the letter, signed by GSA’s CIO Casey Coleman and Gail Lovelace, the agency’s privacy official, GSA provided employees with $25,000 in identity theft insurance coverage and credit monitoring for a year in response to the incident.

GSA’s Inspector General Brian Miller is investigating the incident, the Times reported.

Employees could still be vulnerable after a year and the delay in notifying employees puts them at greater risk, said Jack Hanley, who leads a council representing approximately 4,000 GSA employees who are members of the National Federation of Federal Employees Union, according to the Times.

About the Author

Kathleen Hickey is a freelance writer for GCN.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.