Arkansas State University (ASU) employees, full and part time, had their SSNs and other personal information breached when an e-mail was sent to the wrong people. It looks like data encryption software was not used to safeguard the contents.
An e-mail containing the names, Social Security numbers, and driver's license numbers for 2,484 ASU employees was sent to the wrong set of people (144 of them). It can be inferred from the story that, technically, it was not the e-mail itself but an attachment to that e-mail that contained the information. The e-mail with the attachment was sent to the wrong e-mail distribution group. Faculty and staff have exchanged messages via e-mail, and it looks like most have agreed that this was an accident.
An e-mail containing the names, Social Security numbers, and driver's license numbers for 2,484 ASU employees was sent to the wrong set of people (144 of them). It can be inferred from the story that, technically, it was not the e-mail itself but an attachment to that e-mail that contained the information.
The e-mail with the attachment was sent to the wrong e-mail distribution group.
Faculty and staff have exchanged messages via e-mail, and it looks like most have agreed that this was an accident.
Accident or not, I'd have to point out that sending any type of e-mail--with or without attachments--that contains sensitive data is not a good idea because of how e-mail works: the message is bounced around from server to server until it reaches its intended destination. This "bouncing around" is semi-random, for all intents and purposes. You'd imagine that the process would be much, much more logical than "send it anywhere until it reaches its destination." It's not, but hey, we're dealing with data travelling at the speed of light: There's very little efficiency you can squeeze out of it. Now, the volume of e-mail passing through any servers set up as such is gargantuan, and since e-mails passing through are random (there's no guarantee that you'll always get an e-mail from Coca-Cola or Home Depot or whatever), most wouldn't even take a look at what's passing through. But, as the world of Viagra spam shows us, a relatively minor number of participants is all that's required to make a venture successful. You could have a number of people out there that essentially make a copy of every e-mail that passes through their servers and then data mine them for their own illegal purposes. Hence, sending sensitive information via e-mail is generally a bad idea. Unless, of course, you have the information encrypted. There are solutions out there that will automatically encrypt e-mails. Barring such a solution, one could always use content encryption on attachments/files. This way, the information in the attachment would still be safe if the e-mail is intercepted...or if the e-mail is sent to the wrong people.
Accident or not, I'd have to point out that sending any type of e-mail--with or without attachments--that contains sensitive data is not a good idea because of how e-mail works: the message is bounced around from server to server until it reaches its intended destination. This "bouncing around" is semi-random, for all intents and purposes.
You'd imagine that the process would be much, much more logical than "send it anywhere until it reaches its destination." It's not, but hey, we're dealing with data travelling at the speed of light: There's very little efficiency you can squeeze out of it.
Now, the volume of e-mail passing through any servers set up as such is gargantuan, and since e-mails passing through are random (there's no guarantee that you'll always get an e-mail from Coca-Cola or Home Depot or whatever), most wouldn't even take a look at what's passing through. But, as the world of Viagra spam shows us, a relatively minor number of participants is all that's required to make a venture successful.
You could have a number of people out there that essentially make a copy of every e-mail that passes through their servers and then data mine them for their own illegal purposes. Hence, sending sensitive information via e-mail is generally a bad idea.
Unless, of course, you have the information encrypted. There are solutions out there that will automatically encrypt e-mails. Barring such a solution, one could always use content encryption on attachments/files. This way, the information in the attachment would still be safe if the e-mail is intercepted...or if the e-mail is sent to the wrong people.
Related Articles and Sites:http://www.asuherald.com/news/faculty-staff-id-threatened-1.2318168