A former systems administrator who made copies of credit card numbers, passwords and other private details at Japan’s NTT Data has stolen over $260,000 from account-holders at Orix Credit Corp. According to InfoWatch experts, the incident is a typical crime perpetrated by an insider at a financial or IT company.
The NTT Data corporation announced that confidential financial data, stolen from a computer center in Sendai, was used to steal 31 million yen (over $260,000) from 17 individuals’ bank accounts. The transactions were made last October and in February.
A security camera showed a former system manager at the center making copies of data between October and February, according to NTT Data. Investigators have proven that the money was stolen with the help of a company insider, a 54-year-old male who was in charge of system administration. The unnamed suspect has been placed on a nationwide wanted list.
The 17 victims of the insider attack were account-holders at Orix Credit. The stolen information, including credit card numbers and passwords, was used to make unauthorized withdrawals.
“This is a typical insider crime. He managed to copy the private details of 17 clients because his position gave him unlimited access to the data. He then turned that information into money. It is the usual scenario. Virtually any sensible IT security policy would anticipate such actions and prevent them. The systems administrator is simply denied access to confidential information that is not needed to carry out his work," explains Denis Zenkin, marketing director at InfoWatch.
Source: Japan Times