A consultant at an insurance firm has been caught trying to sell the personal details of 112,000 clients over the Internet to an undercover US Secret Service agent. The insider now faces up to 45 years in prison and fines of up to $750,000. According to experts at InfoWatch, the case is a shining example of both the Secret Service’s work and the lack of protection against insiders in the workplace.
The US Secret Service has caught an insider trying to sell the personal data of 112,000 clients of insurance firm Sentry Insurance. He was arrested after offering to sell some of the information to an undercover agent.
Binyamin Schwartz, a 28-year-old computer programmer-consultant who worked for a firm hired by Sentry, obtained data on more than 112,000 people. He only managed to sell information on 72 people. All the insider’s deals were carried out over the Internet. The information included the names and Social Security numbers of the firm’s clients, but not the medical records that were also in his possession. Schwartz offered to sell the undercover agent the stolen names, addresses, Social Security numbers and dates of birth for about 36,000 people for $25,000 in cash.
Sentry has notified its clients about the incident and has offered free credit monitoring services to those affected. One Sentry representative said the consultant had chosen to breach the faith that had been placed in him.
Schwartz now faces up to 15 years in prison and a fine as large as $250,000 on charges of identity theft. The insider is also accused of device fraud and wire fraud. Device fraud is punishable by up to 10 years in prison and a fine of $250,000, and wire fraud can result in 20 years in prison and a fine of $250,000.
“On the one hand, this case is a shining example of how the special services and the legal system should work. On the other hand, it shows just how negligent the insurance company was. How can a hired consultant be entrusted with so much? I could understand if he stole the personal details of a couple of dozen clients. That sort of thing really is difficult to prevent if you don’t have specialized technology. But he managed to download more than 100,000 records! It would appear that the insurance firm had no security policy to speak of at all. Virtually any system protecting against insiders could have detected such a large-scale breach. I hope that the insurers have learnt their lesson,” says Denis Zenkin, marketing director at InfoWatch.
Source: JS Online