- Rogue employees can exploit the given privileges from the company with a purpose to steal sensitive data about people, processes and intellectual property.
- Capital One, Trend Micro, and Desjardins Group are some of the examples of such data breaches.
Insider threats can bring a massive damage to a company. This malicious threat usually comprises of people associated with an organization such as employees, former employees, contractors, and business associates who have either privileged access or confidential information concerning to the firm.
Rogue or maligned employees can exploit these privileges with a purpose to steal sensitive data about people, processes and intellectual property and give them to whomever they please. The business ramifications of such actions can be incredibly costly. Here’s a list of data breaches in 2019 that occurred due to maligned employees.
The top insider breaches in 2019
Capital One suffered a major data leak after an ex-employee of Amazon web services gained access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, and 80,000 bank account numbers by exploiting a misconfigured web application firewall. Apart from Capital One case, Thompson is charged with accessing information of about more than 30 other organizations in and outside the US.
In November, Trend Micro disclosed that approximately 70,000 customers were affected after an employee improperly accessed the data with clear criminal intent. The alleged employee sold the stolen information including names and phone numbers to a third party.
Canada’s biggest financial services cooperative, Desjardins Group took a major decision of reshuffling its management team in the wake of the breach that was disclosed in June. A malign employee associated with the company was fired after he was found to involved in the compromise of the personal data of its 4.2 million members in Quebec and Ontario. The stolen information was shared with third parties outside of the organization.
An employee, Steffan Needham, was sentenced for two years in prison for deleting 23 AWS servers while working at digital marketing and software company Voova. Needham had used a colleague’s computer account to access the company’s Amazon Web Services account, changed the password and created another user login.
A rogue, former employee of Nebraska Medicine had gained unauthorized access to patients’ medical records, Social Security numbers and more. Investigation revealed that the employee had accessed the information for over a yeat - between July 11, 2018, and October 1, 2019.
The U.S. Custom and Border Protection agency also fell victim to a data breach after attackers gained access to a subcontractor’s network. The subcontractor worked for the company and had downloaded a set of images without the permission of the agency. The number of impacted victims is said to be under 90,000 or so. The breach contained copies of license plate images and traveler images collected by the agency.