The U.S. Equal Employment Opportunity Commission has disclosed that it was affected by a data security incident involving a third-party contractor, after improper access to an internal system raised concerns about the handling of sensitive public information. The agency became aware of the issue in mid-December, although the activity itself is believed to have occurred earlier.
According to internal communications from the EEOC’s data security office, the incident involved the agency’s Public Portal system, which is used by individuals to submit information and records directly to the commission. Employees working for a contracted service provider were granted elevated system permissions to perform their duties. However, the agency later determined that this access was used in ways that violated security rules and internal policies.
Once the unauthorized activity was identified, the EEOC stated that it acted immediately to protect its systems and launched a detailed review to assess what data may have been affected. That assessment found that some personally identifiable information could have been exposed. This type of information can include a person’s name as well as other identifying or contact details, depending on the specific record submitted. The agency emphasized that the review process is still underway and that law enforcement authorities are involved in the investigation.
To reduce potential risk to affected individuals, the EEOC advised users to closely monitor their financ
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: