Insider Data Breach, Database Admin Sells Financial Info
The other day I posted a comment on how users were often the weakest link in info security, but that was only part of the story. In eWeek's article Fidelity National Reports Big Data Breach, Axes Worker we see just how important it is keep tabs on IT staff as well. In general we can trust system admin, network managers or database administrators. I've worked in all those roles and know many colleagues that wouldn't for a minute consider selling out. But all you need is that one in a thousand disgruntled employee who has the keys to the database to have a serious data breach.
eWeek reports:
Fidelity National Information Services Inc., an electronic payment processor, said on Tuesday a database administrator stole and sold customer data, exposing as many as 2.3 million bank and credit card records, and that the worker has been fired.The employee, who worked at the company's Certegy Check Services Inc. unit, sold the information to a data broker, which in turn sold some of it to a "limited number" of direct marketers.
These activities led to customers receiving marketing solicitations, though there is no evidence of fraud, Fidelity said. The stolen data include names, addresses, phone numbers, birth dates, and bank account and card information, it said. "We're very, very confident that this has been very much contained," said Renz Nichols, Certegy's president, on a conference call.
Sometimes you have no choice but to trust a single database administrator, especially in small businesses. Whenever possible though someone else should be checking the database logs and audit trails.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
