Joe Davidson reports on a Commerce Dept. breach that involved the transmission of unencrypted PII:
Why did it take the Commerce Department so long to notify employees that their personal information, including Social Security numbers, had been let loose on the Internet?
On Monday, employees were informed by letters mailed to their homes about “a breach of protocol involving your Personally Identifiable Information (PII), including your Social Security number (SSN) and name.”
The breach occurred on Dec. 4 — more than seven weeks before workers were told. It took Commerce nearly four weeks to prepare the letter, which was dated Dec. 31.
Read more in The Washington Post.