U.S. Workers Are on Alert After Breach of Data

WASHINGTON — Federal workers at the General Services Administration are on alert against identity theft after an employee sent the names and Social Security numbers of the agency’s entire staff to a private e-mail address.

The agency, which manages federal property, employs more than 12,000 people. Officials apologized to employees for the incident in a letter dated Oct. 25 — almost six weeks after the breach occurred. The agency said it had paid for employees to enroll in a one-year program to monitor their credit reports, along with up to $25,000 in identity theft insurance coverage.

The letter was signed by Casey Coleman, the chief information officer, and Gail Lovelace, the agency’s senior privacy official. Neither returned calls or e-mails for comment.

Sara Merriam, a spokeswoman for the agency, said in a statement on Wednesday: “Ensuring the security of employee data is no small challenge in large organizations. We will continue to evolve our protocols to protect the employee information entrusted to us.”

Documents show that officials first notified employees on Sept. 28. But workers who spoke with The New York Times said they did not learn of the incident until early November, when the letters arrived in the mail. Previous notices had been sent as security alert e-mails, which employees said they received frequently and often ignored.

According to interviews and documents obtained by The Times, technicians discovered the e-mail with names and Social Security numbers while reviewing logs on Sept. 22, a week after the message was sent, and deleted it from the recipient’s e-mail account and laptop.

The agency explained to employees that one worker had apparently transmitted the file containing the personal data by accident while seeking “work-related assistance,” and that it had not been forwarded. Those involved had cooperated, and the computer that received the data was scrubbed clean by agency technicians.

Still, Jack Hanley, who presides over a council representing the roughly 4,000 General Services employees who are members of the National Federation of Federal Employees union, said the agency’s delay in notifying employees had put them at greater risk. Additionally, he said, employees would remain vulnerable after the one-year period.

“Some of them have come to our office who have worked years to clean up their credit and have just got mortgages approved,” he said in an interview on Wednesday. “And now if someone messes with their credit, they’re going to lose.”

According to the documents, the agency inspector general is investigating the incident. The inspector general, Brian Miller, did not return calls for comment.