When we think about cybersecurity, a lot of our time is spent focused on how to fortify our network from outside hackers. But what happens when nefarious intent is coupled with access? An insider threat. Two major companies – American Express and Yahoo – have both been in the news for fraud committed by their own employees.

The Attacks

American Express sent out a breach notification that stated an employee illegally used their access to cardholder information to open accounts at other financial institutions. The employee had access to a treasure trove of information that was used to commit identity theft: full name, billing address, social security numbers, birthdates, and credit card numbers. The person was fired and is under criminal investigation, but for the people dealing with the identity theft, that may seem too little too late.

A Yahoo engineer recently plead guilty to hacking 6,000 user accounts in search of intimate photos and videos. The engineer cracked passwords and used his employee access to get into internal systems. He spent from May 2018 to June 2018 accessing accounts of friends, colleagues, and other young women. In addition to breaking into Yahoo accounts, he used his access to hack other accounts like iCloud, Facebook, Gmail, and Dropbox. This incident serves as the perfect reminder that your email account is often a gateway to all your other online accounts!

Staying Safe

Companies can implement security features to root out suspicious access, but there is little we can do as consumers when an employee chooses to abuse their position to steal data. We can only stay vigilant when it comes to protecting accounts with strong, unique passwords, regularly examining our credit reports for anything unusual, and carefully considering the types of personal pictures and videos we keep online.