Boeing has notified 36,000 employees of a security breach involving an email that inadvertently disclosed their personal information.
On 8 February 2017, the American aerospace company sent a letter to Bob Ferguson, Attorney General for Washington State. In it, Boeing says a security incident might have exposed the personal information of 7,288 residents of the Attorney General’s state. The corporation goes on to note that while it detected the breach on 9 January 2017, the exposure actually occurred in late 2016.
Boeing elaborates on this point in its letter (PDF):
“On January 9, 2017, we discovered that a company employee set an email containing personal information of approximately 36,000 other employees to his non-Boeing spouse on November 21, 2016. During Boeing’s investigation, the employee stated that he sent a spreadsheet with the personal information to his spouse for help with a formatting issue. He did not realize there was sensitive personal information included on the spreadsheet because that information was contained in hidden columns.”
Specifically, the spreadsheet contained employees’ names, addresses, places of birth, dates of birth, employee IDs, and Social Security Numbers.
After it discovered the breach, Boeing launched an investigation into the incident. First, the company contacted the employee and the spouse, who both said they neither distributed nor used the information. Second, it conducted a forensic analysis of the couple’s computers. This effort, which involved deleting any and all copies of the spreadsheet, found no evidence to suggest anyone inappropriately used those employees’ information.
The aerospace company intends to “require additional training on the proper handling of personal information” when it comes to its employees going forward. It also plans on implementing additional controls designed to protect their data.
In the meantime, it’s offering a complimentary two-year membership with Experian’s ProtectMyID identity protection service to all employees affected by the incident. Boeing is also urging all employees to review their credit and financial accounts. If they detect any indication of fraud, they should report it to the appropriate service providers.
News of this incident follows more than a year after FACC, an aerospace parts manufacturer which is one of Boeing’s suppliers, reported a hacking attack against its financial accounting department that stole approximately €50 million ($54.5 million).