Everything You Need to Know About Insider Data Breach

  • By David Lukic
  • Aug 25, 2020

Data breaches are on the news frequently, but the average person doesn’t really know that much about what they are and how they happen. Data breaches can occur in a variety of ways, but perhaps the most disturbing is an insider data breach. Companies spend millions on securing their own personal trade secrets and company data, customer accounts, and private details only to find that an insider has broken their confidence and stolen it or sold it for personal gain. 
 

What is Insider Data Breach?

To put it mildly, insider data breach is when a person who works for a company or used to work for a company intentionally causes data theft. Diving a little deeper on the matter, a data breach is when a private company or customer information is stolen to use for identity theft, financial gain, or other purposes. In the case of an insider data breach, the theft is carried out by an employee, ex-employee, vendor, or other trusted source. For example, in the healthcare industry, roughly 58% of all data breaches occur because of an insider rather than an external source. Unfortunately, as companies increase their security from outside breaches, insider breaches are harder to detect and avoid. About 2,560 internal data breaches occur daily in the U.S. Not all insider cybersecurity threats are malicious. In some cases, it’s a matter of carelessness, innocent mistakes, or improper security protocols that result in a data breach. A typical company that suffers an inside attack loses $15 million per year, and sometimes that figure can balloon up to $1 billion. 

Are There Any Examples of Data Breaches Caused By Insiders?


Along with the everyday insider data breaches that no one ever hears about, there are a few infamous ones as well.

Insider data breach
 

Google Data Breach


Anthony Levandowski was a former Google employee working in their autonomous car department, now called Waymo. Before leaving Google, Levandowski copied and stole thousands of files, including blueprints. He left Google to start his own company Otto Motors which was soon after purchased by Uber. When the insider data breach was discovered, Google sued Uber, and they were forced to pay out $245 million.
 

Allen & Hoshall Data Breach


Allen & Hoshall had an eye-opening experience when their ex-employee Jason Needham left their company in 2013 to start his own company. The company later discovered that he had left an open door for himself, and for two years after departing, he continued to steal information worth $425,000. He hacked his way into a colleague’s email account and was caught when he submitted a bid that was “suspiciously similar to one from Allen & Hoshall” for an upcoming project. The FBI was called, and with their help, Needham was sentenced to 18 months in jail, plus he lost his engineering license to boot. 
 

Anthem Data Breach


In the case of the Anthem data breach in 2017, it was a trusted partner, LaunchPoint, who suffered the data breach and, in the process, dragged Anthem along with them. Customer data, including Medicare ID numbers, dates of enrollment, and other personal identification, was stolen when an employee emailed himself a copy of the file to his personal account. Lackluster security was to blame for this particular incident despite the fact that Anthem itself had beefed up theirs, they didn’t count on LaunchPoint’s security weaknesses. 
 

Target Data Breach


The 2014 Target’s data breach was again called an inside job because hackers found a weakness in a refrigerator contractor Fazio Mechanical. An employee of Fazio Mechanical clicked a link from an email and downloaded malware to his or her computer. After that, once they logged into Target, the criminals had all they needed to breach the system and install card scraper software into the pay terminals. That data breach affected 70 million people who lost names, addresses, phone numbers, email addresses, and credit card data. 
 

How to Protect Your Company Against Insider Threat and Corporate Data Theft


protect yourself from insider data breach

Preventing insider threats starts with education. First, put in place a solid process of educating your employees about IT security, best practices, password safety measures, and privacy protection so that accidental data breaches don’t occur. To secure against malicious insider threats:
 

  1. Identify your most sensitive data and secure it. 

  2. Have a strict policy about access and logins. If anyone’s information is compromised, close the door and change the credentials immediately.

  3. Disallow any shared access or re-used accounts or passwords. Force password reset each month. 

  4. Assign responsibility so that one employee oversees access to specific data. That way, you have accountability, and it is harder for someone to breach access and steal data without being caught.

  5. Have a zero-tolerance policy against suspicious activity or data breaches. Instruct all staff members on how it works and what the consequences will be.

  6. Install tracking software to monitor access to all sensitive data and protected areas of your network. 

  7. Perform an IT audit every month to track access and accountability.
     

Although you can never be 100% sure to prevent an insider data breach, following these measures will ensure you are much safer, and your data is better secured. 

About the Author
IDStrong Logo

Related Articles

Adult Friend Finder Hacked, 412 Million Accounts Exposed

Six databases that were owned by Friend Finder Networks, Inc. suffered a massive data breach in 20 ... Read More

The Anatomy Of Amazon Data Breach Explained

Along with being an online merchant, Amazon also supplies cloud servers to some heavy hitters in t ... Read More

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach

T-Mobile Data Breach incident occurred many times. Once from September 1, 2013, and September 16, ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. Wha ... Read More

Latest Articles

Data Breach of Healthcare Management Solutions, LLC Affects Half-a-Million People

Data Breach of Healthcare Management Solutions, LLC Affects Half-a-Million People

Healthcare Management Solutions, known as a healthcare-related consulting company from West Virgini, has over 100 employees and brings in nearly $20M annually.

How to Remove Hard Inquiries from a Credit Report

How to Remove Hard Inquiries from a Credit Report

A credit score is an invisible number, yet it often feels like it controls our lives. It determines what we can buy and how much we'll have to pay.

What is Endpoint Security, and Why is it Important?

What is Endpoint Security, and Why is it Important?

Businesses can make every effort to beef up corporate network security, but those improvements mean very little if criminals choose to break into an already connected device.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close