Email Mishap Leaks Google Staff Data (thestack.com)

← Back to Stories (view on slashdot.org)

Email Mishap Leaks Google Staff Data (thestack.com)

Posted by msmash on Monday May 9, 2016 @03:00AM from the email-mishap-at-email-giant-house dept.

An anonymous reader writes: Google has suffered a data breach which compromised the security of its employees, after the company's staff benefits vendor mistakenly sent an email containing sensitive data to the wrong recipient. Google has sent a formal apology to an undisclosed number of affected employees. The letter notifies of the data breach and advises staff to register for free identity protection checks and credit monitoring for the next two years. The document explains how the third-party company, which provides Google with benefits management services, sent the personal information to a benefits manager at another firm by accident. The data included staff names and social security numbers, among other sensitive details.

16 of 33 comments (clear)

Min score:

Reason:

Sort:

time for dynamic ssn by Moblaster · 2016-05-09 03:03 · Score: 2

This kind of thing has only been getting more commonplace. Won't make a dime's worth of difference -- a $10/mo subscription to some credit monitoring service, some apologies to the employees, and a bit of worry, and NO changes -- until there is a system in place for complex, dynamic one-time-use SSN codes that EXPIRE if unused.
1. Re:time for dynamic ssn by jellomizer · 2016-05-09 03:12 · Score: 3, Informative
  
  The problem was the SSN was never meant for identification. It was just a number that the government used to track your Social Security benefits.
  Being that it was unique as for one SSN per Person, and most citizens have one it became your identity.
  However to carry are RSA phob for my life to prove my identity is kinda worrisome as well.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
2. Re:time for dynamic ssn by ohieaux · 2016-05-09 03:24 · Score: 4, Insightful
  
  Humans don't have unique identifiers that are easily accessible. We can use fingerprints, retina or DNA with physical presence, but we need a surrogate key if we want to track people in our digital world. The problem with most surrogate keys is that they have no meaning outside of the system that creates them. A SSN is a perfect surrogate key, in that it has a scope outside of the system (Social Security) that created it. But, that is also it's weakness. Since so many systems (like financial and medical) use this unambiguous key, it can be used for nefarious purposes. Any simple, global, constructed key will have these faults.
  
  --
  Where all think alike, no one thinks very much.
3. Re:time for dynamic ssn by NotInHere · 2016-05-09 03:29 · Score: 3, Insightful
  
  No, SSNs were intended for identification. What SSNs were never designed for was authentication. A system where you give them your SSN in order to prove you are really you is flawed by design.
  The SSNs are unique and that's great for identification purposes as people may share the same name and date of birth. But an SSN should be no secret, because if you send it to all entities you want to prove you really are who you claim to be, the secret ceases to be a secret.
  Replace the SSN by hashes of a public key, and let the services send you challenges instead. That system will work, but probably nobody will want to use it.
4. Re:time for dynamic ssn by NotInHere · 2016-05-09 03:33 · Score: 2
  
  Fingerprints are not unique. At least not fingerprints on one finger. Same goes for DNA, you may have a twin with exactly the same DNA, and perhaps one day cloning humans becomes a thing.
  The problem with SSNs is that they are used as some way you can use to prove you are you. But as is with credit card expiration dates, the secret stops being one if you give it to another entity. The problem SSNs are just damn easy to use, unlike public keys. Explain a grandma how to gpg sign a random generated 512-bit challenge.
5. Re:time for dynamic ssn by sims+2 · 2016-05-09 03:38 · Score: 1, Interesting
  
  At work we use ssns to identify people in our system its not online it doesn't check that the number is valid and we don't actually care if its real or not.
  The reason why we ask for the ssn is solely so we can find them in our system a year later when they come back. Because many people have absolutely no idea what their legal name is or don't care.
  Name on id: "Fred jones"
  What he says his name is: "Patrick star"
  Oh I've changed my name 3 times in the last year what name do you have me under? Try smith, green, apple, bob.
  *checks ssn* ah here we are "Natsu dragneel"
  Client: oh I forgot about that one that was when I was with my 7th wife.
  Give us something else we can use to persistantly keep track of our customers because names really suck.
  
  --
  Minimum threshold fixed. Thanks!
6. Re: time for dynamic ssn by cablepokerface · 2016-05-09 04:07 · Score: 1
  
  Both clones and twins have different fingerprints.
Re:My company does this often on purpose by Anonymous Coward · 2016-05-09 03:09 · Score: 1

Go public, making them stop, and get fired for it.
Encryption by Anonymous Coward · 2016-05-09 03:13 · Score: 1

End-to-end encryption automatically applied to all emails would provide an additional consistency check to reduce these kinds of incidents.
Require recipients potentially receiving especially sensitive information to have a private key that is an additional factor to their email address.
1. Re:Encryption by ohieaux · 2016-05-09 03:26 · Score: 1
  
  The problem I see with this is that if I select a wrong address, my email will likely assume that's what I wanted to do and encrypt for them.
  
  --
  Where all think alike, no one thinks very much.
2. Re:Encryption by NotInHere · 2016-05-09 03:34 · Score: 1
  
  Yeah, especially the more convenient encyption becomes.
Shouldn't have mattered, BAD Google! by pla · 2016-05-09 03:36 · Score: 4, Insightful

The data included staff names and social security numbers, among other sensitive details.

Why the hell would they send sensitive employee data unencrypted over email? It should have made no difference at all if they sent it to the wrong address, because no one but the intended recipient should have the key to access the data. Yet clearly, not the case here.

People need to start going to jail for shit like this.
1. Re:Shouldn't have mattered, BAD Google! by DarkOx · 2016-05-09 04:38 · Score: 2
  
  Most e-mail encryption is done transport level and its opportunistic.
  You Say: STARTTLS
  and see if you get a non-error response code. If you do TLS handshake and the mail is ciphered if not it goes in the clear. Now most of these gateways can be configured to do things like 'require encryption if the destination domain is example.com'
  So you can fix it so all mail to your payroll provider gets encrypted or bounced, but if the client miss-addresses it and sends it to some other valid domain + mailbox, opps.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
2. Re:Shouldn't have mattered, BAD Google! by 140Mandak262Jamuna · 2016-05-09 06:48 · Score: 1
  
  They are still using Email? So 20th century. They should have been tweeting the info, 140 bytes at a time.
  
  --
  sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Free Credit Protection by ThatsNotPudding · 2016-05-09 05:18 · Score: 1

This seems such a tepid consolation nowadays.

It feels like as if a shit Electrician burned down your house thru sheer incompetence and their way of making up for it is providing you a new fire extinguisher.
Corporate-speak by Sir+Holo · 2016-05-09 17:34 · Score: 1

CORP MEMO: "We do not have evidence that any employee's personal and sensitive information was leaked to outside parties."
TRANSLATION: "We didn't look for it. Just shut up and keep working."