A college security guard stole private student and employee data before going on an Internet spending spree using the information. According to experts at InfoWatch, it is unlikely that the college administration ever carried out a risk assessment and the security guard probably had access to all the information in the office.
Police have arrested a security guard from Suffolk Community College on suspicion of stealing personal data on students and staff and using the information for fraudulent purposes.
Ronnie Artis, 41, was arrested at his home after a police search revealed personal information belonging to students and faculty members from the campus where he worked. Police say he used the personal information to make purchases online. Detectives found that the purchases were being delivered directly to his home.
Artis, who is a former New York City Police officer, was hired by Suffolk Community College in June 2005. As a security guard, Artis had access to campus offices where sensitive records are kept. Despite the fact that the purchased goods were being sent to his home address, it took police three months to arrest the insider.
“The problem of physical and technical security arises whenever an organization provides a service to the public and has a large database of personal details. In this case the college administration had obviously never carried out a risk assessment because the insider not only had access to the administrative offices but also to personal data. All data on paper documents should be kept in a locked safe and all electronic data should be encrypted or stored in some other secure form, according to all basic security standards,” says Denis Zenkin, marketing director at InfoWatch.
Source: 1010wins