US workers alert after breach of data

Sunday, November 7, 2010

WASHINGTON - More than 12,000 workers of a US government agency are facing the risk of identity theft after one of its employees sent the names and Social Security numbers of the organisation’s entire staff to a private e-mail address.

Workers of the General Services Administration (GSA), which manages federal property, are alert against their identity theft. According to The New York Times, the agency officials apologised to employees for the incident in a letter dated Oct 25, almost six weeks after the breach occurred.

The agency said it had paid for employees to enrol in a one-year programme to monitor their credit reports, along with up to $25,000 in identity theft insurance coverage.

The letter was signed by Casey Coleman, the chief information officer, and Gail Lovelace, the agencys senior privacy official. Neither returned calls or e-mails for comment, the daily said.

“Ensuring the security of employee data is no small challenge in large organisations. We will continue to evolve our protocols to protect the employee information entrusted to us,” Sara Merriam, a spokeswoman for the agency, said in a statement Wednesday.

Documents show that officials first notified employees Sep 28. But workers told the Times that they did not learn of the incident until early November, when the letters arrived in the mail.

Previous notices had been sent as security alert e-mails, which employees said they received frequently and often ignored.

According to interviews and documents obtained by the Times, technicians discovered the e-mail with names and Social Security numbers while reviewing logs Sep 22, a week after the message was sent, and deleted it from the recipient’s e-mail account and laptop.

The agency explained to employees that one worker had apparently transmitted the file containing the personal data by accident while seeking “work-related assistance”, and that it had not been forwarded.

Those involved had cooperated and the computer that received the data was scrubbed clean by agency technicians, the report said.

will not be displayed