An EE customer has said she was stalked by an ex-partner who worked at the firm after he accessed her personal data without permission. Francesca Bonafede’s number was switched to a new handset and her address and bank details were accessed. She said the company failed to take the data breach seriously and she had to involve the police.
BBC News – EE data breach ‘led to stalking’ https://t.co/emCBrkGfZd 'An EE customer has said she was stalked by an ex-partner who worked at the firm, after he accessed her personal data without permission.' Pretty poor initial response from the company too.
— Beth (@TheOtherMcClane) February 8, 2019
Expert Comments below:
Anna Russell, VP at comforte AG:
“Data abuse or theft by company insiders is something that happens quite regularly. A research study from 2018 found that about 1 out of 4 data breaches are caused by employees rather than attackers from the outside. Many organizations are well prepared to defend their perimeter against unauthorized access, but very few are equally well prepared against the risk of unauthorized data access by an insider. Preventing such situations is absolutely possible and requires data-centric security. With this approach, all personal, sensitive data is de-identified by default all the time. Access to the actual personal information is only made available on a need to know basis with a clear business purpose after proper authentication.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.