Ashley Southall reports:
Federal workers at the General Services Administration are on alert against identity theft after an employee sent the names and Social Security numbers of the agency’s entire staff to a private e-mail address.The agency, which manages federal property, employs more than 12,000 people. Officials apologized to employees for the incident in a letter dated Oct. 25 — almost six weeks after the breach occurred. The agency said it had paid for employees to enroll in a one-year program to monitor their credit reports, along with up to $25,000 in identity theft insurance coverage.
Read more in the New York Times.
Interestingly, the news report provides some support for those who argue that too many notifications will lead to ignoring them:
Documents show that officials first notified employees on Sept. 28. But workers who spoke with The New York Times said they did not learn of the incident until early November, when the letters arrived in the mail. Previous notices had been sent as security alert e-mails, which employees said they received frequently and often ignored.
I’d be curious to know what those other security e-alerts were about. I do not see any notice prominently linked from GSA’s home page.
I’m interested, if this was sent to one person only, did they feel the information was at risk by that person?