The commission informed employees that a phishing attack lead to the possible compromise of their personal data, according to a report by Bloomberg.
A phishing attack on May 21 resulted in a third party gaining access to an employee’s email account, which had access to personal information on other employees, according to a description of the event provided in an email to employees obtained by Bloomberg.
“The e-mail account contained e-mails and attachments with the names, Social Security numbers and possibly other sensitive personally identifiable information of certain individuals”, according to the e-mail.
The CFTC has about 700 employees and regulates commodity futures and options markets in the US.
In a statement emailed to the newswire, John Rogers, CFTC’s chief information officer, said: “The CFTC believes at this time that the data breach is contained to employee information and does not compromise any trading or market data. Law enforcement has been contacted and we will work with them as appropriate.”
The agency told employees that it would be implementing additional security controls for IT systems and increasing training for staff, including those who handle personal information.