The U.S. Commodity Futures Trading Commission (CFTC), an independent federal agency that helps regulate futures and option markets, was hit with a data breach last month according to an e-mail statement from the Commission that circulated online late last week.
The e-mail confirmed an attacker was able to phish one of the agency’s employees on May 21 and gain access to the employee’s e-mail. Some of the e-mails that were raided included attachments that contained coworkers’ names, social security numbers and “possibly other sensitive personally identifiable information of certain individuals,” according to Bloomberg, who was able to acquire a copy of the statement.
In an e-mailed statement to the news outlet, John Rogers, the CFTC’s Chief Information Officer, was confident the breach only affected employees and none of the trading or market data the agency regularly processes.
As has become routine in situations like these, the CFTC claims it will bolster its security and contract a credit monitoring company to offer identity protection for affected employees. The CTFC has said it will also offer training for its employees, especially those who handle personal information, in hopes of preventing any similar incidents from happening again in the future.
The CFTC isn’t divulging how many employees may have had their information stolen but the agency, created in 1974, employs around 700 individuals, according to a recent CNN article.
In an interview with Threatpost last year, Aaron Higbee, the Chief Technology Officer at Intrepidus Group claimed more than three quarters of employees are habitually fooled by phishing scams. The security firm claimed most of the organizations it works with have never trained its employees against targeted, spear phishing attacks.