A lawsuit filed in the US District Court of Kansas by Pulaski Bank names three former employees and claims they took confidential company data to be used by their new employer – and conspired to recruit Pulaski staff for that new employer, while still employed by Pulaski Bank.
One of the three named defendants is Rita Rieke, a former sales manager with Pulaski Bank, and now with rival First State Bank. Historically, Rieke was one of Pulaski’s top performers, until last month when she brought in just four mortgage applications. “Upon information and belief,” states the claim, “Rieke’s dramatic drop in performance was the result of her redirection of applications and business from Pulaski to First State Bank.”
This alleged activity is simply immoral and illegal – and is not something the security industry can combat. However, the lawsuit also claims that another former employee, Linda Stewart, “copied files from a protected computer to an external USB thumb drive.” And that Charles Ziegler “e-mailed confidential files from a protected computer to an outside e-mail address.”
It would seem that while Pulaski Bank used security measures to protect access to company data (mainly in the form of password-based access control), it did little to prevent the exfiltration of that data by authorized users. This is something that can be tackled by the infosec industry. Commenting on the news, Imperva’s Rob Rachwald suggests “Protecting the data and files at the source to recognize aberrant behavior (e.g., low level person taking many files)...”
Companies that 'lose' data in such circumstances are not merely losing a competitive edge; they are potentially contravening data protection laws.
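
An added example, not part of the original article or any vendor's product: a minimal sketch of the source-side monitoring suggested above. It flags a user whose daily file reads spike far above their own history, plus the two channels named in the lawsuit (copies to a USB drive and attachments sent to an outside address). The log format, role thresholds, user names and domains are all constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

INTERNAL_DOMAINS = {"bank.example"}          # assumed corporate mail domain
ROLE_FLOOR = {"teller": 20, "manager": 60}   # assumed minimum daily reads before alerting
SPIKE_FACTOR = 5                             # alert at 5x the user's own median

def detect(events):
    """events: (day, user, role, action, detail) tuples; returns sorted alerts."""
    alerts = set()
    reads = defaultdict(Counter)             # user -> {day: files read}
    roles = {}
    for day, user, role, action, detail in events:
        roles[user] = role
        if action == "file_read":
            reads[user][day] += 1
        elif action == "usb_write":          # copy to removable media
            alerts.add((day, user, "usb_copy"))
        elif action == "email_attach":       # detail = recipient address
            if detail.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
                alerts.add((day, user, "external_email"))
    for user, per_day in reads.items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            # Baseline is the user's own median over earlier days only.
            history = [per_day[d] for d in days[:i]]
            baseline = median(history) if history else 0
            limit = max(ROLE_FLOOR.get(roles[user], 20), SPIKE_FACTOR * baseline)
            if per_day[day] > limit:
                alerts.add((day, user, "bulk_read"))
    return sorted(alerts)

def sample_events():
    """Constructed log: three quiet days for both users, then a bulk pull by u1."""
    ev = []
    for day in (1, 2, 3):
        ev += [(day, "u1", "teller", "file_read", f"loan_{day}_{n}.pdf") for n in range(4)]
        ev += [(day, "u2", "manager", "file_read", f"rpt_{day}_{n}.xls") for n in range(10)]
    ev += [(4, "u1", "teller", "file_read", f"cust_{n}.pdf") for n in range(150)]
    ev += [(4, "u1", "teller", "usb_write", "E:\\cust_0.pdf")]
    ev += [(4, "u2", "manager", "file_read", f"rpt_4_{n}.xls") for n in range(12)]
    ev += [(4, "u2", "manager", "email_attach", "someone@mail.example")]
    ev += [(4, "u2", "manager", "email_attach", "colleague@bank.example")]
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

The per-role floor keeps a normally busy manager from alerting on ordinary days, while the per-user median catches a low-volume account that suddenly reads many files.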