US finance agency probes data blunder
- 9 November 2012
- From the section Technology
The US Securities and Exchange Commission (SEC) has spent $200,000 (£125,190) investigating security blunders made by staff.
The SEC, which oversees US financial markets, was forced to investigate when it found out that staff were not encrypting sensitive data.
It feared that data had gone missing after realising unencrypted laptops were taken to a hacker conference.
The probe suggested no data had been lost as a result of the mistake.
The unprotected computers at the heart of the investigation were being used by staff in the SEC's Trading and Markets Division, Reuters reported.
One of the responsibilities of that division is advising US financial exchanges about dangers from hackers and ensuring they follow guidelines to steer clear of cyberthreats.
The employees were found to be flouting standard procedure within the SEC that demands that data on laptops be encrypted to protect it in the event of that device being lost or stolen. The laptops contained sensitive information about the inner workings of many US financial markets.
To compound the mistake, the unprotected laptops were taken when some SEC staff travelled to the Black Hat convention which gathers security hackers together to talk about the latest security threats.
The $200,000 bill was run up as the SEC paid a security firm to carry out forensic tests to ensure that the data had not been tampered with or booby-trapped.
The report into the security lapse was co-ordinated by the Jon Rymer, the SEC's interim inspector general. The SEC has declined to comment on Reuter's findings.