By Rudra Srinivas
Insider threat is a primary concern for every information security leader. Several organizations are seen spending massive resources to keep the bad guys out, but they fail to address the insiders within their own company.
As a result, a number of data breaches happen due to the employee negligence or unintentional actions like responding to a phishing email with sensitive information or downloading malicious content. We take a look at six notable data breaches that were caused due to insiders:
On April 20, 2018, Atlanta-based financial services firm SunTrust encountered a data breach that might have compromised around 1.5 million customers’ personal information. The financial firm notified its customers that an ex-employee of SunTrust gained unauthorized access to the data related to bank accounts such as customer’s names, account numbers, addresses, and contact details.
Fortunately, the information that was stolen did not include sensitive data like social security numbers, PINs, user IDs and, passwords. While the issue is still under the investigation, the SunTrust bank announced that it took appropriate measures to heighten its data security.
In July 2017, Anthem, an American health insurance company, reported a massive data breach that resulted in an identity theft of 18,000 Anthem’s Medicare members. In April 2017, the company discovered that an employee who worked for one of the Anthem’s healthcare consulting firms was stealing and misusing the information of Medicaid members since July 2016.
The employee illegally sent a file containing the company’s data to his personal email address. The stolen data included Medicare ID numbers, social security numbers, health plan ID numbers, names of members, and dates of enrollment. The employee was suspended from the services and placed under the investigation.
Central Bank of Bangladesh
In February 2016, a group of hackers attempted a heist of $951 million from the Central Bank of Bangladesh. The cyber thieves attempted to move the funds into five different accounts held at Rizal Commercial Banking Corporation in the Philippines. While the bank succeeded in recovering $870 million, an internal investigation later revealed that the breach happened due to five low-level and mid-level officials.
“They were negligent, careless and indirect accomplices,” Bangladesh Central Bank Governor Mohammed Farashuddin told Reuters.
In 2015, the financial service provider was exposed to an insider breach which compromised more than 730,000 customer records. It was discovered soon after that an employee Galen Marsh, who worked as financial adviser in Morgan Stanley´s private wealth management division, was the culprit.
During negotiation for a new job, Marsh stole important information including customer names, addresses, account numbers and other credentials. He soon pleaded guilty and Morgan Stanley ended up paying $1 million as a penalty
JP Morgan & Chase
The American multinational investment bank and financial services company experienced a massive data theft in 2014 which exposed 76 million customer records. The company described that hackers compromised an employee’s personal computer and went onto gain unauthorized access to the company’s server over a period of two months. The bank declared that customer names, email and postal addresses, and phone numbers of account holders were compromised. However, the account login credentials such as social security codes, PINs and passwords remained safe.
The cyber attack was carried out in June, discovered in late July, and could not be stopped till the middle of August 2014. The FBI officials later arrested the suspects involved in the incident.
Korea Credit Bureau
Nearly half of the South Korean population got affected when their sensitive information was compromised by an insider at Korea Credit Bureau in 2014. The credit rating company stated that around 20 million records were stolen, which included customer names, phone numbers, social security numbers, credit card numbers and their expiration dates.
The investigation concluded the data breach was done by a temporary consultant at the Korea Credit Bureau (KCB), who gained unauthorized access to the customers’ data from the company’s server and sold it to marketing firms. The culprit and the people who purchased the stolen data from him were later arrested.