Boeing Employee Exposes Colleagues’ Data in Privacy Snafu

Written by

A Boeing employee has landed himself in hot water after exposing the personal details of over 30,000 employees by sending a spreadsheet from work to his wife.

The aerospace giant was forced to inform Washington State attorney general Bob Ferguson of the privacy snafu earlier this month after it discovered the “inadvertent disclosure” in January.

The details of around 36,000 Boeing employees included full names, places of birth, employee IDs, Social Security numbers, dates of birth and accounting department codes, according to the letter.

Some of these were in hidden columns on the spreadsheet, explained the firm’s deputy chief privacy officer, Marie Olson:

“During Boeing’s investigation, the employee stated that he sent a spreadsheet with the personal information to his spouse for help with a formatting issue. He did not realize there was sensitive information included on the spreadsheet because that information was vontained in hidden columns.”   

All copies of the spreadsheet have now been destroyed and the individual and his spouse have confirmed to Boeing that they’ve not distributed the information to anyone else, the letter concluded.

Ironically, Boeing sells a data loss prevention product – Cipher – through a partnership with another firm but only uses it for classified corporate materials, according to The Register.

Tony Pepper, CEO of Egress, argued that similar inadvertent data breaches of this kind happen all the time.

“In many ways, technology has made our lives far easier but everything from emails to ‘intelligent’ add-ons, like auto-fill email addresses, have also increased the risk profile of businesses,” he added.

“Yet it is also easy to avoid with the right tools in place which stop data leaving the organization when it shouldn’t – or indeed when it’s headed to the wrong person. These are tools Boeing itself knows well, having developed one, and, had that tool been used, they may well have avoided this embarrassing mistake.”

What’s hot on Infosecurity Magazine?