The aerospace giant Boeing notifies 36,000 employees following an accidental data leak. A company employee inadvertently leaked the personal information of his co-workers late last year, the man sent by email a company spreadsheet to his spouse who didn’t work at the company.
The file shared by the man contained sensitive, personally identifiable information of 36,000 Boeing employees, including names, places of birth, BEMSID, or employee ID numbers, and accounting department codes.
The data leak was publicly disclosed earlier February after the Boeing’s Deputy Chief Privacy Officer Marie Olson notified the security breach to the Attorney General for the state of Washington Bob Ferguson.
According to Olson, the spreadsheet also included “hidden columns” containing social security numbers and dates of birth.
According to the breach notification, the incident occurred on Nov. 21, 2016, it was discovered on Jan. 9, but Boeing notified the security breach starting from Feb. 8.
In response to the breach, Boeing has destroyed copies of the spreadsheet from both the Boeing employee’s computer and his spouse’s PC.
“Both the employee and his spouse have confirmed to us that they have not distributed or used any of the information,” reads the Boeing breach notification.
Boeing experts don’t believe the data have been used inappropriately, anyway, it is offering employees two years access to a free identity theft protection service.
In order to avoid similar incidents in the near future, the company plans to require additional training to its employees on how to manage sensitive data and it to implement additional controls to sensitive information.
Unfortunately, this isn’t the first time that the company suffered similar incidents, in several cases, laptops containing sensitive data were stolen. In December 2006, thieves have stolen a laptop containing data related to 382,000 employees.
(Security Affairs – cyber security, data leak)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.