According to a recent survey, most IT professionals admit to personally breaking security policies at some time, knowingly or otherwise. More than half said they had copied confidential data onto USB memory sticks, although 87 percent said it was against company policy. So everyone who is surprised by this, please raise your hand.
A recent high-profile example is the case of a senior database administrator for a consumer reporting agency in Florida who has admitted to stealing more than 8.4 million account records and selling them to a data broker. He netted $580,000 over five years from the scheme. The article goes on to say that his employer, Fidelity National Information Services, was alerted to the theft by a retail customer who was apparently paying attention to check transactions and the receipt by the retailer’s customers of direct telephone solicitations and mailed marketing materials. Finally, we have the typical downplaying of the impact of the whole affair: “The company is unaware of any identity theft or fraudulent financial activity resulting from the theft. Rather, it believes the stolen records were used for marketing purposes.” All I have to say is, they had better hope so. Read my previous article on how circumstantial evidence can now be admissable in a court of law in ID theft cases and you’ll see how this could get very bad in a hurry for Fidelity.
Related articles:
- 2008: More ID Theft The identity theft scourge is only going to get worse in 2008 as perpetrators — in pursuit of easy money...
- Max Butler Busted Again Max Butler, better known in the infosec community as “Max Vision,” creator of the open-source vulnerability database known as arachNIDS...
- TD Ameritrade Breach A database breach at TD Ameritrade Holdings, Inc. exposed approximately 6.3 million account holders to an increase in spam. Account...
