Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Google Privacy Security

Email Mishap Leaks Google Staff Data (thestack.com) 33

Posted by msmash from the email-mishap-at-email-giant-house dept.
An anonymous reader writes: Google has suffered a data breach which compromised the security of its employees, after the company's staff benefits vendor mistakenly sent an email containing sensitive data to the wrong recipient. Google has sent a formal apology to an undisclosed number of affected employees. The letter notifies of the data breach and advises staff to register for free identity protection checks and credit monitoring for the next two years. The document explains how the third-party company, which provides Google with benefits management services, sent the personal information to a benefits manager at another firm by accident. The data included staff names and social security numbers, among other sensitive details.
This discussion has been archived. No new comments can be posted.

Email Mishap Leaks Google Staff Data More

Email Mishap Leaks Google Staff Data

Comments Filter:

  • time for dynamic ssn (Score:3)

    by Moblaster ( 521614 ) on Monday May 09, 2016 @11:03AM (#52075625)
    This kind of thing has only been getting more commonplace. Won't make a dime's worth of difference -- a $10/mo subscription to some credit monitoring service, some apologies to the employees, and a bit of worry, and NO changes -- until there is a system in place for complex, dynamic one-time-use SSN codes that EXPIRE if unused.

    • Re:time for dynamic ssn (Score:4, Informative)

      by jellomizer ( 103300 ) on Monday May 09, 2016 @11:12AM (#52075681)

      The problem was the SSN was never meant for identification. It was just a number that the government used to track your Social Security benefits.
      Being that it was unique as for one SSN per Person, and most citizens have one it became your identity.

      However to carry are RSA phob for my life to prove my identity is kinda worrisome as well.

      • Re:time for dynamic ssn (Score:5, Insightful)

        by ohieaux ( 2860669 ) on Monday May 09, 2016 @11:24AM (#52075751)
        Humans don't have unique identifiers that are easily accessible. We can use fingerprints, retina or DNA with physical presence, but we need a surrogate key if we want to track people in our digital world. The problem with most surrogate keys is that they have no meaning outside of the system that creates them. A SSN is a perfect surrogate key, in that it has a scope outside of the system (Social Security) that created it. But, that is also it's weakness. Since so many systems (like financial and medical) use this unambiguous key, it can be used for nefarious purposes. Any simple, global, constructed key will have these faults.

        • Fingerprints are not unique. At least not fingerprints on one finger. Same goes for DNA, you may have a twin with exactly the same DNA, and perhaps one day cloning humans becomes a thing.

          The problem with SSNs is that they are used as some way you can use to prove you are you. But as is with credit card expiration dates, the secret stops being one if you give it to another entity. The problem SSNs are just damn easy to use, unlike public keys. Explain a grandma how to gpg sign a random generated 512-bit chal

      • Re:time for dynamic ssn (Score:4, Insightful)

        by NotInHere ( 3654617 ) on Monday May 09, 2016 @11:29AM (#52075777)

        No, SSNs were intended for identification. What SSNs were never designed for was authentication. A system where you give them your SSN in order to prove you are really you is flawed by design.

        The SSNs are unique and that's great for identification purposes as people may share the same name and date of birth. But an SSN should be no secret, because if you send it to all entities you want to prove you really are who you claim to be, the secret ceases to be a secret.

        Replace the SSN by hashes of a public key, and let the services send you challenges instead. That system will work, but probably nobody will want to use it.

    • Re: (Score:2, Interesting)

      by sims 2 ( 994794 )

      At work we use ssns to identify people in our system its not online it doesn't check that the number is valid and we don't actually care if its real or not.
      The reason why we ask for the ssn is solely so we can find them in our system a year later when they come back. Because many people have absolutely no idea what their legal name is or don't care.

      Name on id: "Fred jones"
      What he says his name is: "Patrick star"
      Oh I've changed my name 3 times in the last year what name do you have me under? Try smith, green

  • Encryption (Score:1)

    by Anonymous Coward

    End-to-end encryption automatically applied to all emails would provide an additional consistency check to reduce these kinds of incidents.

    Require recipients potentially receiving especially sensitive information to have a private key that is an additional factor to their email address.

    • The problem I see with this is that if I select a wrong address, my email will likely assume that's what I wanted to do and encrypt for them.

  • Shouldn't have mattered, BAD Google! (Score:5, Insightful)

    by pla ( 258480 ) on Monday May 09, 2016 @11:36AM (#52075823) Journal
    The data included staff names and social security numbers, among other sensitive details.

    Why the hell would they send sensitive employee data unencrypted over email? It should have made no difference at all if they sent it to the wrong address, because no one but the intended recipient should have the key to access the data. Yet clearly, not the case here.

    People need to start going to jail for shit like this.

    • Re: (Score:3)

      by DarkOx ( 621550 )

      Most e-mail encryption is done transport level and its opportunistic.

      You Say: STARTTLS
      and see if you get a non-error response code. If you do TLS handshake and the mail is ciphered if not it goes in the clear. Now most of these gateways can be configured to do things like 'require encryption if the destination domain is example.com'

      So you can fix it so all mail to your payroll provider gets encrypted or bounced, but if the client miss-addresses it and sends it to some other valid domain + mailbox, opps.

  • This seems such a tepid consolation nowadays.

    It feels like as if a shit Electrician burned down your house thru sheer incompetence and their way of making up for it is providing you a new fire extinguisher.

  • CORP MEMO: "We do not have evidence that any employee's personal and sensitive information was leaked to outside parties."

    TRANSLATION: "We didn't look for it. Just shut up and keep working."

Slashdot Top Deals

One man's constant is another man's variable. -- A.J. Perlis

Close