Fidelity Data Breach, or When Employees Go Bad

The breach of 2.3 million customer records by a former Fidelity National employee is a perfect example of how a person can do everything possible to protect themselves from being hit with identity theft or fraud, and STILL get endangered through no fault of their own.

Obviously, William Sullivan went bad for some reason--we may never know why he did that. Money? Revenge? Sexual favors? It probably doesn't matter. What matters is that he did, and that he was able to exploit the internal controls of his company and cause a tremendous amount of damage.

How did he do that? How was he able to get access to data he wasn't authorized for and distribute it so easily? How was it that he was able to camouflage the theft so well that Certegy needed to call in the Secret Service to track it down? Simple--the company's internal security procedures for payment processing were weak. Sullivan was able to find holes in the everyday business routine and get access to data he wasn't supposed to have, and used that information to leverage connections in order to resell it.

 Nature abhors a vacuum, and data breaches are not exceptional in this regard. A recent Inspector General report on the VA laptop loss explains this perfectly:

The report also pointed out that administrators there gave the IT specialist access to more data than they should have. He also was given programmer-level access that allowed him to extract information from medical records. " In one instance, he inappropriately incorporated employee health records into a research database, compromising the privacy of VA employees and violating the terms of the protocol," the report stated.

Not only did the VA analyst cover up his own screwups, but he had access to more information than he should have, causing even greater screw-ups still. It's a failure of a workplace culture and one of the main reasons these breaches happen--people let everyday screwups become a matter of practice, and then when a catastrophe occurs, rush to cover up the incident and put Band-aids on it. Doesn't work.
 

Published Wednesday, July 04, 2007 1:23 PM by DrIdentity

Comments

# Fel.Nu » Blog Archive » Dispute Credit Report Errors and Mistakes from Equifax, Trans (identity theft social security number) Union and

PingBack from http://www.fel.nu/fel.nu/411

Thursday, July 05, 2007 5:20 AM by Fel.Nu » Blog Archive » Dispute Credit Report Errors and Mistakes from Equifax, Trans (identity theft social security number) Union and
Anonymous comments are disabled