Tech savvy system admins and some other IT specialists are major risk factors for enterprises, as they know how all information systems work and can easily bypass any less-than-perfect protection. However, most cases here are unintentional and caused by human errors. This is a digest of data leaks by IT specialists, prepared by InfoWatch Analytical Center.
Ever-evolving cloud technology and new storage techniques have undoubtedly streamlined the processing of large data volumes, while also dramatically increasing the risk of confidential data leaks. Currently, the most common case is about a system admin leaving free access to a NAS or misconfiguring a database. For example, FedEx, a world-renowned courier delivery company, suffered such incident a short while ago, when 119,000 customer records were left exposed on an unsecured Amazon server, including drivers' licenses, work and military IDs, bills, resumes, insurance policies, and voting and credit cards.
Dishonest IT specialists, who have access to business apps and databases due to the role in the company, may use them for personal gain. Thus, a 31-year-old IT engineer from KCG Holdings, Inc., a U.S. financial services firm, was accused of installing malware on his employer's servers to steal data. The criminal explained his actions by the fear of losing his job after the upcoming acquisition of KCG by Virtu Financial, Inc. Now, he is facing a 10-year prison sentence for trade secret theft.
For several months, a system admin at a hospital of Astana, Kazakhstan, illegally used personal data of 25 hospital employees to obtain bank loans of 10,000 to 50,000 tenge each (approximately $30-150).
In India, Madhya Pradesh police arrested Shailendra Yadav, IT head of Narmada private hospital, and Vaibhav Saxena, a former CIO of the same hospital and at the time of the arrest Director of Swastik Total Health Care Solutions, for stealing confidential data. The police said that Yadav admitted to sending Saxena sensitive information that was crucial for obtaining a certificate from the National Accreditation Board for Hospital and Health Care Providers. Saxena, in turn, admitted that he shared the stolen data with other private hospitals in the city.
To make a fast buck, a computer technician of Mumbai University emailed exam question papers to two students who then sold them to others via WhatsApp.