In an age where companies and governments are protecting themselves against cyberattacks on a global scale, mundane security risks are easy to overlook.
Boeing found that out the hard way after the private information of 36,000 Boeing employees was put at risk when an employee emailed the data to his spouse to ask for help formatting a document.
According to a letter the company sent to Washington State Attorney General Bob Ferguson, the employee wasn’t aware that the Microsoft Excel file he was having trouble with had social security numbers and dates of birth for 36,000 of his coworkers, including 7,288 Washington state residents. That information was contained in hidden columns, while the portion of the sheet he was able to see contained the employees’ names, place of birth, employee IDs and accounting department codes.
He emailed the document to his spouse, who is not a Boeing employee, in November of last year. The company realized what had happened more than six weeks later and conducted “a forensic examination of both the Boeing employee’s computer and the spouse’s computer to confirm that any copies of the spreadsheet have been deleted,” the letter said.
While Boeing says it is confident the information wasn’t spread beyond those two devices, it is offering two years of free credit monitoring for all affected employees.
The company said it will also require additional training on handling personal data.
Read Boeing’s letter to the Attorney General, as well as the notice Boeing sent to it employees, below: