An insider made use of private client information from the insurance company where she worked to purchase foreclosure property. The woman was only caught out after a complaint was made about prying phone calls.
A recent incident in which a Progressive Casualty Insurance employee used the private information of the firm’s clients to purchase property has once again revealed the dangers that insiders pose to IT security. The female member of staff was interested in buying foreclosure property for herself, ComputerWorld reports.
An official Progressive spokesman confirmed that in January 2006 the company was forced to send out letters to 13 clients. The notification letters stated that confidential data (names, social security numbers, dates of birth, and the addresses of foreclosure property) had been compromised by a company insider, who had since been fired.
The insider activity was only uncovered after a local woman complained about receiving phone calls from a Progressive agent inquiring about her house being under foreclosure.
The former employee had purchased foreclosure property, wrongly using the information in a real estate database. Though there was no actual hacking involved to get at the data, her actions constituted a violation of Progressive’s code of ethics.
“This incident clearly demonstrates the kind of dangers insiders present when granted authorized access to confidential information. What could have stopped the insider in this case? A code of ethics? It didn’t work. An IT security policy? It’s important, but it’s only a document. Active monitoring measures? Yes, but the company didn’t have any installed. What’s more, they are the only reliable method of combating insiders," says Denis Zenkin, marketing director at InfoWatch.
Source: ComputerWorld