News Insider Threat

Breach At U.S. Regulatory Agency Puts Employee Data At Risk

Tim Wilson

See more from Tim

Connect directly with Tim: Bio | Contact

Phishing attack at Commodity Futures Trading Commission fools employee into giving up account data

Tim Wilson June 27, 2012

The U.S. Commodity Futures Trading Commission, which governs the nation's derivatives markets, has disclosed that it suffered a data breach in May, exposing the Social Security numbers and personal information of its employees.

According to a news report about the CFTC breach, an employee ath the commission received a phishing email on May 21 and input information into a fraudulent website. A third party was then able to illegally enter the employee’s account, which had access to personnel information, according to a copy of an email sent to agency employees that described the incident.

More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

"The email account contained emails and attachments with the names, Social Security numbers, and possibly other sensitive personally identifiable information of certain individuals," according to the email description.

The CFTC has about 700 employees and regulates U.S. futures and swaps markets.

The incident described in the email description was confirmed last week by CFTC spokesman Steve Adamske.

"The CFTC believes at this time that the data breach is contained to employee information and does not compromise any trading or market data," said John Rogers, CIO at the CFTC, in an email statement on June 22, according to the news reports. "Law enforcement has been contacted and we will work with them as appropriate."

The agency said it will implement additional security controls for CFTC computer systems and increasing training for staff, including those who handle personal information. The commission also arranged for employees to receive identity protection from a credit-monitoring company, according to the news reports.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Tim Wilson

See more from Tim

Connect directly with Tim: Bio | Contact

Dark Reading Discussions

Start the Discussion

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow Dark Reading

Dark Reading Reports

Ten Steps To Success In Data Loss Prevention

Don't let anyone tell you that implementing a DLP system is easy. It takes time, patience and diplomacy to ensure that technical requirements, security policy and business needs are balanced. In this Dark Reading report, we recommend the 10 steps that must be taken to keep company data safe - and business managers and users happy and productive.
Securing the Mobile User

The complexity of managing mobile devices should get easier going forward, but that's not the case right now. As traditional laptop PCs continue to die a slow death, most IT departments will be forced to alter the way they approach client management. Despite the growing popularity and acceptance of the bring-your-own-device - or BYOD - movement, there are a number of things working against IT. Fortunately, there are also a number of tools, some of them free, that security professionals can use along with strong policy and best practices to close the enterprise mobile security gap.
Making Insiders Foot Soldiers In Enterprise Security

Insider threat-borne attacks remain the minority of data breaches but tend to inflict the most damage - especially when it comes to intellectual property theft. In this retrospective of recent Dark Reading coverage, we look at the hot trends and tips on how to flip the equation on the insider threat.

Other reports from the Insider Threat Tech Center:

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Dark Reading May 2013 Digital Supplemental Issue

Back Issues

In This Issue

The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.

Download Now

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Security

Protect The Business - Enable Access

News Insider Threat

Breach At U.S. Regulatory Agency Puts Employee Data At Risk

Phishing attack at Commodity Futures Trading Commission fools employee into giving up account data

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Ten Steps To Success In Data Loss Prevention

Securing the Mobile User

Making Insiders Foot Soldiers In Enterprise Security

Sign up for the Dark Reading Daily email newsletter

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

News Insider Threat

Breach At U.S. Regulatory Agency Puts Employee Data At Risk

Phishing attack at Commodity Futures Trading Commission fools employee into giving up account data

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue