Last October 7, over 30,000 Colorado state employees suffered the leaking of their personal data after a master spreadsheet was mistakenly shared with benefit administrators at public high education institutions.
After detecting the incident, the Colorado Department of Personnel and Administration started taking security measures, as well as asked 38 benefit administrators to immediately delete the exposed information. The master spreadsheet allegedly contained confidential data such as social security numbers, birth dates, among other data.
So far, the government officials have found no evidence of exposed information malicious usage. The incident updates have been shared by executive director of Personnel and Administration Kara Veitch.
In compliance with federal law, the affected organization should’ve notified users whose information has been exposed during this incident, as well as providing the adequate methods to protect them from further attacks. Colorado government send a letter to its personnel, which include three links to credit reporting agencies, where they can find the best way to monitor potentially malicious activity related to the leaking.
The spokesperson of the Department of Personnel and Administration said the admins who mistakenly received the confidential data have already deleted it. Besides, the Department has taken steps to secure a similar incident won’t happen again. The spokesperson declined sharing more details.
Finally, according to Chief Operating Officer at Identity Theft Resource Center James E. Lee, this incident seems little concerning, as the information was shared between two government instances. Nontheless, Lee recommends the receivers verify the adequate deletion of this data.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.