Ex-Ofcom Employee Leaks Data to New Employer

Yesterday, news broke that regulator Ofcom had suffered a mass data breach after a former employee gave information on the company to their new employer, a major broadcaster.

Reports claim the former employee walked away with as much as six years of data, which could be used by their new employer to gain competitive advantage.

“On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee,” said a spokesman for Ofcom. “This was a breach of the former employee’s statutory duty under the Communications Act and a breach of the contract with Ofcom.”

“Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner,” said the spokesman. “The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties.”

Christine Andrews, Managing Director of DQM GRC, commented, “The news brought to our attention that an ex-Ofcom employee has stolen a considerable amount of confidential corporate data in order to win favour with his new employer. Unfortunately, this is an incredibly common, and serious, threat to businesses today. According to research, a quarter of employees would sell private company data and risk both their job and a criminal conviction for just £5,000.

“High-profile targeted attacks, such as TalkTalk and Sony, generate fear in businesses from external hacking attempts, but in this day and age businesses need to be wary of both those on the inside as well as on the outside.

“The good news is that there are ways companies can keep an eye on their confidential information – even when it has left the building. Data Watermarking allows you to add unique tracking records (known as ‘seeds’) into your database and then monitors how your data is being used – even when it has moved outside of your organisation’s direct control. The service works for e-mail, physical mail, landline and mobile telephone calls and is designed to build you a detailed picture of the real use of your data.”

Ross Brewer, VP and MD of EMEA at LogRhythm, said, “This is a perfect example of how a breach isn’t always a high-tech hack. Sometimes the culprit really can be someone who sits next to you at work, and not the anonymous, faceless perpetrator that has become synonymous with modern-day cybercrime. Companies need to be aware that when sensitive information is readily available amongst employees, there is the possibility for anyone to abuse their trusted position.

“Companies like Ofcom hold huge quantities of confidential data and this will no doubt be a big wake-up call for the communications regulator. A big problem is that many businesses use the majority of their resources fighting the external threat, often underestimating the impact that the insider threat can have. However, as Ofcom will likely discover, employees can pose a very real threat to a company’s reputation.

“As well as having strict access control policies, it’s vital that businesses have full visibility of their network activity so they are aware of what is happening at all times. Indeed, by continuously monitoring the network, businesses can identify abnormal activity – such as downloading large batches of sensitive data – as soon as it occurs.”