People are the weakest link in any corporate information security system, with soon-to-be-former employees being the biggest threat. Failure to block their access to corporate systems may result in truly grave consequences, including the dreaded data leak. Former employees can leak confidential data for personal gain, out of revenge, under pressure, or simply by accident. This is a digest of such leaks prepared by the InfoWatch Analytical Center.
Last year, a high-profile incident took place in China. The police arrested six former engineers and designers of smartphone manufacturer Huawei for leaking trade secrets to their new employers, which are Huawei’s rivals. Experts say this could significantly damage Huawei’s business in China, the world’s most competitive smartphone market.
In neighboring Japan, the personal information of 169 customers, each of whom had over ¥100 million (approximately $1 million) deposited in the Bank of Saga, was copied by a former employee and handed to criminals, who used the customer names, addresses, account balances, and phone numbers to steal money.
In many cases, departing employees can easily copy business-critical information and take it home, including customer databases, company financial data, product information, and so on. For example, Showpo, an Australian online fashion house, accused one of its ex-employees of stealing the entire customer database (306,000+ customers) and passing it on to her new employer. Such breaches go virtually undetected unless you have an advanced DLP system.
The Ukrainian Cyberpolice Department unmasked a former technical specialist of the Pension Fund who created hundreds of large data stores containing information about retired persons and completed social security forms, as well as telephone directories of defense and law enforcement officers, etc., and sold them on the Internet.
Healthcare institutions are the most common victims of confidential information leaks by ex-employees. Not only are medical records best sellers on the black market, but many healthcare centers also simply cannot afford effective protection systems. Dishonest employees often make use of these shortcomings. For example, SSM Health, a U.S. health system, reported that a former call center agent illegally accessed the medical records of its patients in multiple states over an eight-month period, compromising a total of 29,000 records and mainly focusing on patients with a controlled substance prescription.