In November 2016, a Boeing employee experiencing difficulty formatting an Excel spreadsheet. Not realizing that hidden columns included birth dates and social security numbers for 36,000 Boeing employees, he emailed the spreadsheet to his wife, who was not a Boeing employee, so she could help. This seemingly innocent act prompted Boeing to launch an investigation and notify those employees and officials in four states of a data breach.
You see, data breaches are not always caused by Russian hacks or other cyber-criminals. Sometimes it is the most innocuous action taken by the most well-meaning of employees. As a result, Boeing had to investigate whether the data went any further than the employee’s wife and to make sure it was deleted from her computer. Luckily for Boeing, it seems that the damage was quite limited and the data was not further compromised after reaching the employee’s spouse. Nevertheless, Boeing is notifying 36,000 employees in four states of this incident as well as state officials in each of those states. Finally, Boeing is offering free credit monitoring to the affected employees.
Simple employee education and training can help avoid these unfortunate incidents from occurring. For instance, whoever sent the spreadsheet to the employee in question should have known to label the document as sensitive and, if the technology was available, could have prevented the document from being copied, printed or forwarded. Finally, the employee in question should have been trained not to send sensitive information to personal email addresses.