Friday, October 16, 2015

Data Breach: Vacaville Housing Authority

When and Who
Organization Name: Vacaville Housing Authority (VHS)
Date(s) of Breach (if known): Monday, August 24, 2015
Date(s) of Discovery of Breach: Tuesday, August 25, 2015

What Happened
This data breach is an example how one innocent mistake can expose personal identifying information.  A VHS employee sent an email with a file attachment, that included Social Security Number information, accidentally to the wrong recipient.  Fortunately, when the recipient viewed the email she notified VHS and deleted it from her inbox.  As required VHS did report the incident to the local police, California's Attorney General's Office and to HUD.  The local police did confirm that the recipient deleted the email. 

One lesson that can be drawn from this incident is to be careful to review who you are sending an email to in order to avoid this kind of mistake.  After all, not all recipients may be as conscientious as the recipient in this data breach.  In all fairness, mistakes do happen, and it is better to have a process in place that takes into account potential mistakes.  For example, using file encryption that requires the recipient to enter a password to view the file could have prevented this incident.   

What Kind of Data Was Breached 
Social Security Numbers

Who Is Affected
Number of those affected were not mentioned in notification of breach by the organization to those affected.