Personal information including names and Social Security numbers of 1,753 state employees leaked after it was posted to the Department of Administrative Services website. The personal information was included in a spreadsheet of vendors used by the state that was accessible to the public on the state web site. Officials believe the information was on the website since October 2003. After the leak was detected, the file was scrubbed. This leak was disclosed due to Connecticut’s S.B.650 which requires breach notification.

State officials claimed that the leak was not too serious because the Social Security numbers were displayed without hyphens and each had a numerical suffix attached, making them not easily recognizable.

The protocol was HTTP and the type data was NPI (e.g. customer data).

Websense Content Protection Suite can easily prevent such leaks by preemptively blocking internal and external communications such as emails and web posts that include confidential information. Being format agnostic, Websense Content Protection Suite can protect against leaks even if Social Security Numbers are displayed in different methods.

Content Protection Suite can also protect organizations against leaks from the outside when used in reverse proxy mode to prevent unauthorized access to web pages that contain such information.

Using Content Protection Suite’s Content Auditor module for monitoring and discovery of data at rest and data in use at the endpoint, organizations could identify confidential and private information and determine how it is being used.

For additional information on how to discover your sensitive data, monitor its movement throughout your network, and protect it against breaches, visit:

http://www.websense.com/global/en/ProductsServices/CPS/

You must be logged in to post a comment.