Friday, December 11, 2009

HSBC Data Theft

HSBC, the world's largest banking group, has confirmed that data theft by a former employee occurred at the company between 2006 and 2007. While only about 10 records were taken, the incident points to the underlying problem of data theft by employees. The employee has been charged in the theft. It appears that the employee took the data in hopes of selling it for profit. The data eventually ended up in the hands of the French Government, which had been investigating tax dodgers. The French Government insists it received the information to assess its validity, but did not pay for the data.

The main problem with this breach was that the employee in question was part of the Information Technology department and therefore seems to have had legitimate access to the data that was stolen. These situations are tricky to deal with because, on the one hand, protecting your clients' data is of the utmost importance, while on the other hand your IT group needs to be able to access a large amount of information in order to perform the tasks of their job effectively. The company of course needs to perform thorough background checks prior to hiring anyone who works closely with this sensitive data. Really, though, it comes down to the managers keeping a close eye on what their employees are doing in their work.

http://www.computerworld.com/s/article/9142139/HSBC_confirms_data_theft_by_former_employee?taxonomyId=17

2 comments:

  1. This post was also mentioned in the story about TSA security. The information that was exposed was supposedly caused by a bug, but the problem stems from improper redaction practices. Companies need to take great steps in this area as it is becoming much more evident that redaction is a serious practice that requires serious attention.

  2. This entire situation presents an even larger dilemma within the technology world. These advisors are not average people; they are experts in their field. Their job consists of white hat AND black hat hacking. Once terminated from a position within a company, although you initially sign a document stating you would not take company documents or alter them in any way, people still do it. So how do you monitor the computer experts? That seems like an even greater problem! I agree with NYIRish...the bosses need to be more cognizant of their employees' activities. But like I said, it seems like a difficult task to protect information from the information security experts.
