From the Reconnex August Insider Threat Index: "Ninety-one percent of companies who completed a Reconnex 48-Hour e-Risk Assessment in the month of July had credit card numbers entering or leaving their network and eight-two percent exposed social security numbers. Most concerning was the amount of personal data including name and SSNs exposed directly in the subject lines of emails, in clear, open text. The origin of the vast majority of these disclosures stemmed from human resources departments who often accidentally exposed employees' personal information when they communicate with partners in health insurance, payroll, workers compensation and other third-party processors. The personal data revealed by co-workers often included employee names, date of birth, social security numbers (SSN) and even sometimes bank routing information. This personal data was usually sent via Excel spreadsheets and in clear text. Sometimes the individual Excel spreadsheets contained thousands to tens of thousands of individuals personal data."