UK regulator Ofcom has admitted to what appears to be the biggest data breach in its history, after a former employee downloaded competitive broadcaster information and absconded with it.
The former insider downloaded as much as six years of data provided by TV broadcasters to the regulator before leaving his position—and took it with him to his next gig, which was, conveniently, with a TV broadcaster. That broadcaster would have found the information quite useful from a competitive intelligence standpoint.
According to the Guardian, Ofcom has sent out letters to dozens of TV companies that hold an Ofcom license to broadcast in the UK, explaining the data breach.
“On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee,” said a spokesman for Ofcom. “This was a breach of the former employee’s statutory duty under the Communications Act and a breach of the contract with Ofcom.”
Fortunately for those TV companies, the senior management at the thief’s broadcaster chose not to use the information, but instead alerted Ofcom.
“Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner,” said the spokesman. “The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties.”
This is, of course, just the latest event illustrating how dangerous insider threats can be.
“The incident is a perfect example of how firms struggle to protect their data resources from those already legitimately ‘inside the fence,’” said Louise Bulman, vice president and general manager, EMEA at data security firm Vormetric, in a media statement. “It is often a case of ineffective management of ‘privileged’ users on corporate networks that causes this type of data breach incident. Every organization will have employees or contractors who have far-reaching, privileged, computer network access rights—and it is how these users are controlled and secured that is often a weak link in the data security framework.”