News has surfaced of a breach of sensitive data of California state employees.
As reported by The Sacramento Bee, it appears thousands of Social Security numbers have been exposed at the Department of Fish and Wildlife, with the department confirming so in a memo sent to its staff.
It is alleged the breach was discovered in December last year, but was only disclosed to employees this week. The California Highway Patrol is thought to be investigating the incident, which is believed to have been brought about as a result of a former state employee downloading data to a personal device before taking the device outside of the state’s network.
“It is frustrating to see incidents like these continue to occur when the remedy is so simple,” said Jon Fielding, managing director, EMEA Apricorn. “Organizations have it within their gift to mandate the use of a corporate standard, encrypted USB device and to enforce its use through locking down their ports so that only these devices will be accepted.
“We are moving towards an expectation that best practice such as this will be implemented and audited through the upcoming General Data Protection Regulation (GDPR) act, which would apply to California's Department of Fish and Wildlife if any of the affected individuals are EU citizens. In the event of a breach, the onus to notify and the potential fine is mitigated if the data is rendered unintelligible to unauthorized actors, such as being encrypted in hardware on a USB device.”