Proofpoint: Security, Compliance and the Cloud

November 08, 2010

GSA Workers' Social Security Numbers Emailed to Private Email Address, SSNs Critical in Identity Theft

The New York Times reported yesterday that the names and Social Security Numbers of the entire staff at the General Services Administration (GSA)—more than 12,000 people—were apparently emailed by an agency employee to a private email address. (See, "GSA workers' Social Security numbers e-mailed.")

The Times reports that technicians discovered the email containing the names and SSNs while reviewing logs on September 22, 2010, one week after the message was sent. The GSA explained to employees that a worker had sent the file containing the personal data by accident.

While this is a potentially massive exposure of private information, these sorts of email exposures are far from rare. Proofpoint's latest research in this area found that nearly one third (32%) of large US enterprises had investigated a suspected violation of privacy or data protection regulations involving email in the preceding 12 months. (For this data and many other statistics about similar data loss events see our report, Outbound Email and Data Loss Prevention in Today's Enterprise, 2010.)

Given the frequency of this type of exposure, organizations (especially those in regulated sectors such as healthcare, financial services, retail and government) should ideally have technology in place to detect private information. This sort of massive, inadvertent exposure of personal information via email is easily stopped using modern email security solutions.

For example, users of the Proofpoint Enterprise Privacy email data loss prevention and email encryption solution will often have a rule configured to block any outbound email found to contain multiple Social Security Numbers.

Messages containing Social Security Numbers should always be sent in encrypted form. Handling personal data in this way is not just a best practice, but is mandated by data protection standards and regulations including HIPAA, GLBA, PCI-DSS and various US state data privacy laws.
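The outbound policy described in the two paragraphs above (block a message carrying multiple SSNs, require encryption when any SSN is present) can be expressed as content-inspection logic. This is an added example, not Proofpoint's code or configuration; the threshold of two, the function names and the constructed sample message are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Dashed, spaced or bare 9-digit candidates that are not part of a longer digit run.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")
BLOCK_THRESHOLD = 2  # assumption: "multiple" means two or more distinct SSNs

def plausible_ssn(area, group, serial):
    """Reject values that are never issued (area 000/666/9xx, group 00, serial 0000)."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def find_ssns(text):
    """Return the set of distinct plausible SSNs (digits only) found in text."""
    found = set()
    for m in SSN_RE.finditer(text):
        area, _, group, serial = m.groups()
        if plausible_ssn(area, group, serial):
            found.add(area + group + serial)
    return found

def scan_message(raw):
    """Collect SSNs from the subject and every text/* part, decoded attachments included."""
    msg = message_from_string(raw, policy=policy.default)
    ssns = find_ssns(msg.get("Subject", ""))
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            ssns |= find_ssns(part.get_content())  # undoes base64 / quoted-printable
    return ssns

def outbound_verdict(raw, encrypted=False):
    """'block' for multiple SSNs, 'encrypt' for any SSN sent in clear, else 'allow'."""
    count = len(scan_message(raw))
    if count >= BLOCK_THRESHOLD:
        return "block"
    if count and not encrypted:
        return "encrypt"
    return "allow"

def sample_message(body, attachment_text=None):
    """Constructed test message; subject, body and attachment are made up."""
    msg = EmailMessage()
    msg["Subject"] = "staff list"
    msg.set_content(body)
    if attachment_text is not None:
        msg.add_attachment(attachment_text.encode(), maintype="text", subtype="csv", filename="staff.csv")
    return msg.as_string()
```

Only the subject and `text/*` parts are inspected here; SSNs inside binary attachments such as spreadsheets, PDFs or archives need format-specific text extraction before the same check applies.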

For more on why it's so important to protect Social Security Numbers, see this new BankInfoSecurity article, "Incidents Prove Link Between Social Security Numbers, ID Theft." In that article, information privacy expert Mari Frank says that SSNs are, "the key to medical-benefit theft, government-benefit theft, you name it."
