Gov’t agency e-mails names and SS numbers of 12,000 employees


And the idiot award of the day goes to: the General Services Administration! While the GSA was created to help manage and support the basic functioning of federal agencies, it doesn’t seem to be functioning well itself. On Sept. 16, one GSA worker mistakenly sent the full names and Social Security numbers of every employee (12,000) to a private email account, reports The Washington Post.

Workers learned of the security breach in an agency-wide email on Sept. 28–12 days after the incident. Agency spokespersons would not confirm whether the worker who sent the email would be fired, or even disciplined. A month later, on Oct. 25, the GSA began offering a year of free credit monitoring and $25,000 in identity theft insurance to all of its workers.

“I’m very concerned that that situation could have happened at all, and then, of course, once it happened, employees needed to know right away to ensure their credit was protected,” said John Hanley, president of the National Federation of Federal Employees union, which represents GSA workers. “I think they should have done something sooner, and they should have advised all employees immediately when they learned there was a breach.”

Time to modernize, guys

While Gov’t agencies are routinely hacked and compromised (like the FAA), it is sad that such a large breach comes from within. Not only has the federal agency has violated the privacy rights of every person it employs, it also proved it is using out of date technology. In a secure and modern office, there should be no justifiable reason or way to email data this confidential.The GSA shouldn’t be using unprotected Excel spreadsheets (an assumption) and emailing large chunks of data like that. Microsoft or Google needs to get in there and get the GSA on the cloud.

GSA is currently blocking the delivery of agency emails that contain unencrypted SS numbers–a highly specific solution to a broad problem.