Saturday, June 18, 2005

Notice Much Delayed: The FDIC Data Security Breach

A Washington Post article discusses the letter the FDIC recently mailed to about 6000 of its employees that describes a data security breach in which employee personal information was compromised:

Thousands of current and former employees at the Federal Deposit Insurance Corp. are being warned that their sensitive personal information was breached, leading to an unspecified number of fraud cases.

In letters dated last Friday, the agency told roughly 6,000 people to be "vigilant over the next 12 to 24 months" in monitoring their financial accounts and credit reports. The data that may have been improperly accessed included names, birth dates, Social Security numbers and salary information on anyone employed at the agency as of July 2002.

The agency said that in a "small number of cases," the data was used to obtain fraudulent loans from a credit union, but declined to specify how many or the credit union involved.

According to the letter, the breach occurred early last year, and it remains unclear why employees were not notified for nearly 18 months. The agency wrote that it learned of the breach only "recently," but did not explain how the breach surfaced or why it took so long to learn about it.

Why did it take 18 months to notify people? How did the breach happen? What is being done to address the problems? The letter is vague on details. Currently, there is legislation pending in many states as well as in Congress to mandate notifying people of data security breaches in which their personal information has been leaked. Any data security breach notification law should mandate that disclosure occurs within a reasonable period of time after the breach occurs and that the notification letters have adequate details to inform people about what happened.

Thanks to PrivacySpot for the pointer.

Posted by Daniel Solove on June 18, 2005 at 01:31 PM in Daniel Solove, Information and Technology

Comments

Identity theft has brought great tensions to the corporate world causing many companies losses each year. Everyone is scared of their personal information not leaked out to some strangers. Not only offices but individuals at home should also purchase one for safety.

Posted by: Industrial Shredders | Jan 12, 2009 2:53:58 AM

The Credit Union seems to have been the NIH Federal Credit Union, according to an American Banker article which is reprinted at the URL below.

http://www.collectionsworld.com/cgi-bin/readstory.pl?story=20050617CCWN016.xml

Posted by: Chris Walsh | Jun 21, 2005 11:21:01 AM
