When the Threat Comes From Inside

When we think about cybersecurity, a lot of our time is spent focused on how to fortify our network from outside hackers. But what happens when nefarious intent is coupled with access? An insider threat. Two major companies – American Express and Yahoo – have both been in the news for fraud committed by their own employees.

insider threat

The Attacks

American Express sent out a breach notification that stated an employee illegally used their access to cardholder information to open accounts at other financial institutions. The employee had access to a treasure trove of information that was used to commit identity theft: full name, billing address, social security numbers, birthdates, and credit card numbers. The person was fired and is under criminal investigation, but for the people dealing with the identity theft, that may seem too little too late.

A Yahoo engineer recently plead guilty to hacking 6,000 user accounts in search of intimate photos and videos. The engineer cracked passwords and used his employee access to get into internal systems. He spent from May 2018 to June 2018 accessing accounts of friends, colleagues, and other young women. In addition to breaking into Yahoo accounts, he used his access to hack other accounts like iCloud, Facebook, Gmail, and Dropbox. This incident serves as the perfect reminder that your email account is often a gateway to all your other online accounts!

Staying Safe

Companies can implement security features to root out suspicious access, but there is little we can do as consumers when an employee chooses to abuse their position to steal data. We can only stay vigilant when it comes to protecting accounts with strong, unique passwords, regularly examining our credit reports for anything unusual, and carefully considering the types of personal pictures and videos we keep online.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s