The Seven Largest Insider-Caused Data Breaches of 2014

 
 
By Chris Preimesberger  |  Posted 2014-12-29
 
 
 
 
 
 
 
 
 
  • Previous
    1 - The Seven Largest Insider-Caused Data Breaches of 2014
    Next

    The Seven Largest Insider-Caused Data Breaches of 2014

    by Chris Preimesberger
  • Previous
    2 - Korea Credit Bureau
    Next

    Korea Credit Bureau

    In January, it was revealed that 27 million records were stolen from the Korea Credit Bureau, including names, resident registration numbers and credit card details for 40 percent of the population of South Korea. A computer contractor working for the Korea Credit Bureau, which is responsible for producing credit scores, was to blame as he abused access to secretly copy the data onto an external drive over the course of a year and a half. While the contractor was identified and arrested, along with 15 others who played a role in distributing this information, the investigation has not been concluded because authorities are still attempting to identify how the compromised records were being distributed.
  • Previous
    3 - Barclays Bank
    Next

    Barclays Bank

    In February, we learned that Barclays Bank—one of the 10 largest banks in the world—lost control of 27,000 customer files containing everything from passport and national insurance numbers to information about earnings, savings, mortgages, health issues and insurance policies. This breach was potentially worth millions on the black market, as it would allow bad actors to use the stolen information to target unsuspecting individuals. The bank's own employees were allegedly perpetrating the sale and distribution of the stolen information. To this day, no arrests have been documented.
  • Previous
    4 - Target Stores
    Next

    Target Stores

    Also in February, Target announced that a trusted third-party heating and air-conditioning contractor was responsible for the biggest data breach in its history. In this insider incident, 40 million customer credit and debit card numbers were breached, along with 70 million records containing names, addresses, email addresses and phone numbers of Target shoppers. This breach is still under federal investigation, and Target is now dealing with lawsuits put forward by affected banks and credit unions.
  • Previous
    5 - DuPont
    Next

    DuPont

    In March, DuPont announced that its proprietary formula to cleanly manufacture the white pigment used in paper and plastics was stolen and sold to a competitive Chinese company in the $14 billion market. A contractor working for DuPont sold the formula for $28 million in contracts. The contractor was found guilty of 22 counts of economic espionage, trade-secret theft, witness tampering and making false statements.
  • Previous
    6 - EnerVest
    Next

    EnerVest

    In May, a district attorney secured the conviction of an EnerVest employee who reset all network servers to factory settings, disconnected critical pieces of network equipment and disabled the equipment's cooling systems because he learned he was going to be fired by the company. The rogue employee's actions prevented the company from fully communicating or conducting business operations for approximately 30 days, and it cost EnerVest hundreds of thousands of dollars to recover historical data from its network servers.
  • Previous
    7 - AT&T
    Next

    AT&T

    In June, it was revealed that an AT&T employee improperly accessed roughly 1,600 customer accounts and possibly viewed customers' Social Security and driver's license numbers. It is believed that the employee stealing these records intended to use them to jail-break locked AT&T phones so they could be more easily resold.
  • Previous
    8 - UMB Bank
    Next

    UMB Bank

    In September, UMB Bank reportedly lost more than $650,000 to an employee who generated 377 fraudulent checks over the course of four years. Responsible for generating refund checks after customer accounts were closed, the employee, who pleaded guilty to the charges after a corporate fraud investigation was conducted, used her position to issue fake refund checks for personal gain. Since her criminal activities coincided with her normal day-to-day responsibilities, the fraudulent transactions went undetected for a long time.
 

From an insider threat perspective, 2014 has been an incredibly damaging year for a number of big-name enterprises. This year has seen malicious insiders use infected point-of-sale (POS) devices and highly sophisticated malware to siphon corporate intellectual property and customer personal information, such as credit card information and Social Security numbers. According to the Software Engineering Institute (SEI) at Carnegie Mellon University, a malicious insider threat to an organization is defined as a current or former employee, contractor or other business partner who has or had authorized access to an organization's network, system or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity or availability of the organization's information or information systems. In this slide show, developed by eWEEK and insider detection solution provider SpectorSoft, we take a look at the seven largest insider threat cases of 2014.

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
Rocket Fuel