An interesting report by Nisos looks at those selling or advertising insider access and those recruiting insiders at firms. From the report: Executive Summary Nisos routinely monitors mainstream and alternative social media platforms, as well as cloud-based messaging applications and dark web forums to identify individuals and networks advertising insider access or recruiting insiders at…
Category: Insider
Insider Threats: The Overlooked Risks of Departing Employees and Sensitive Data Theft
Joe Lazzarotti of JacksonLewis has a post on one of my favorite topics: insider threats. Insider threats continue to present a significant challenge for organizations of all sizes. One particularly concerning scenario involves employees who leave an organization and impermissibly take or download sensitive company data. These situations can severely impact a business, especially when…
Former Disney Employee Admits to Hacking Menu System to Change Allergy Information
Lucas Ropek reports: A former Disney employee who was fired for misconduct has admitted to hacking into the company’s menu creation software to alter key details, including food allergy information that could have been dangerous to customers at the resort’s restaurants. A complaint brought by the Justice Department last year claimed that a man named…
Today’s insider threat: Ardyss edition
Here’s today’s reminder of the insider threat. And also the external threat. Consider it a pre-holiday twofer. DataBreaches was contacted yesterday by “0mid16B,” the same individual who was responsible for previously hacking The1 Card, Thailand’s most popular loyalty program. In their latest contact, they claim to have successfully attacked Ardyss[.]com and ArdyssLife[.]com, telling DataBreaches, “In…
Douglas County Health & Human Services notifies patients that former employee accessed their records inappropriately
Alex Evans reports: Unauthorized access of HIPAA-protected information by county employee, largely flies under the radar. Six-months after the Douglas County Department of Health and Human Services determined an employee had accessed protected personal and health information without authorization, a notice appeared on the county’s website. That notice can be found here. Fox21 reports some…
CA: Ontario Provincial Police charge three former hospital employees PHIPA violations of patient privacy breaches
Toula Mazloum reports: Three former hospital employees have been charged following investigations into unrelated alleged breach of patient privacy incidents that took place over the course of last year in different parts of the province, according to the Ontario Provincial Police (OPP). The investigations started after police received three complaints in western, eastern and northern…