Wednesday, July 09, 2008

Consumer data jeopardized when employers install file-sharing software on work computers; Justice Breyer's info compromised

Recently, the personal information of about 2000 clients of a MacLean VA investment firm, Wagner Resource Group, were exposed to the public after an employee downloaded a file-sharing network called LimeWire onto a networked work computer. Among the clients was Supreme Court Justice Stephen G. Breyer.

A company called Tiversa is often hired to help companies detect data leaks of customer data. Here is a typical discussion of the problem by the company.

Another company that has worked with Wagner is First Advantage, and there is a paper in PCI Compliance Guide that describes how to respond to a data breach here. In one case, a consumer found $9000 false charges by AT&T on a telephone bill from an overseas source; it was reversed.

Another serious danger from such employee behavior is release of trade secrets.

It would sound obvious that the danger could exist when employees take work home and load customer information onto a home computer or laptop also containing P2P software or other recreational or personal applications, or perhaps not properly secured by a firewall.

Brian Krebs has a story in The Washington Post this morning, “Justice Breyer Is Among Victims in Data Breach Caused By File Sharing,” p A1, link here.

In 1995, I had a Merrill Lynch CMA credit card rejected at a grocery store, and found out yesterday that $400 of bogus AT&T phone charges from Canada had been placed on it. The card was replaced and AT&T reversed the charges, although it took a half day away from work to clear the mess up. I have never had such an incident since.

No comments: