EMAIL BREACH

This Email Contains Wage and Employment Information . . . Looks Like Personal Information

I wonder why it's coming to my home email address almost 5 months after I left my employment???

Email With Personal Information Sent to My Home Email

Despite the fact that I ceased my employment with the Government of the Northwest Territories months earlier, I continued to receive auto-generated email from PeopleSoft regarding former employees.

Well, this seems wrong, I'll let someone know!

As you can see, this wasn't the first message I received from PeopleSoft in the months following my departure from the Government f the Northwest Territories.

Six Months After I Left My Employment, My Email is Still Being Monitored

That's Gary MacDougall, Director of Legal Registries, stating that my former email is still active and is being forwarded to him.

But wait . . . there's a solution!

This is the Second Time Gary MacDougall Mentions That my Former Email is Still Active and is Being Redirected to Him

He seems really proud of this!!!

After this, My Former Work Email Remains Active and Continues to Be Monitored . . .

Question: How does no one involved here recognize that this does nothing to fix the problem with PeopleSoft?  


Further Question: How does no one involved find it offensive that my email continues to be monitored after I left my employment?

MY EMAIL WAS MONITORED UNTIL FEBRUARY 12, 2015!!!

This is Exactly 11 Months after I Left my Employment!

“These emails have been autoforwarded to me but the time has come to delete the account.”  


The tone and wording of this statement is very odd...it almost reads like Gary MacDougall would prefer continuing to have access to the account.

FAILURE TO RECOGNIZE THE BREACH

Recognize that the Breach Here Involved the Information, Not the Email

  

The problem here was that I had access to personal information of former employees, the fact that it came by email is irrelevant. Similarity, the fact that my former work email continued to be monitored is a breach because of the information in the email, not because it was sent by email. This amounts to a failure to recognize the breach.

Contain the Breach

With the breach being misidentified as a problem with email, all that was done was to attempt to redirect the email. Of course, once I noticed my 'preferred email' in PeopleSoft had been changed, I changed it right back.

Secure the Information

After failing to recognize the breach, there was no effort expended to recover the data. This data remains in my possession more than 3 years late, and I've never received a request to return, destroy, or delete the personal information.


UPDATE: By letter dated October 2, 2018, the Department of Justice asserts that I am "required" to return or destroy the information. I am under no legal obligation to do so.

Notify the Persons Impacted

The risk attached to the release of information regarding a raise or the end of a contract certainly does not represent a tremendous amount of risk for anyone involved, so I can understand why the persons involved might not have been notified of the breach. On the other hand, no one ever followed up with me to say that the problem was fixed—which, of course, it wasn't.

Fix the Problem

The wrong problem was identified, the wrong fix was implemented, and the fix was unsuccessful—I reset my preferred email in PeopleSoft almost immediately. 

BONUS FAILURE: TRIVIALIZING THE PROBLEM

Gary MacDougall finds the problem 'greatly exaggerated'

Question: Exactly how many emails containing personal information had to be sent to me before it was too many? 


 Answer: I suggest that even one email containing personal information being sent to me was too many. 

. . . and then Beth Collinson closes the exchange with a smiley : )

ln response to my request that I stop receiving auto-generated emails from PeopleSoft that contain the personal information of other individuals, they just redirected all emails, including those containing my personal information to Gary MacDougall, without my knowledge or consent . ..and this warrants a smiley???

This Exchange Started with the Receipt of an Email from PeopleSoft . . .

Maybe there's a problem with PeopleSoft?

PEOPLESOFT BREACH

This website is for educational purposes only


Recognize>Contain>Secure>Notify>Fix