Here is another example that even the largest companies cannot be safe from information security breaches, especially when using partner companies with lesser security:
According to a report by ZDNet Australia, an undisclosed number of personal data records were stolen from Colt Express Outsourcing Services.
The company provided HR services for Google, CNET and other large companies - the stolen records are of employees of these companies. The breach was actually a physical burglary, but obviously targeting data instead of funds.
Actually, according to statement made by the CEO of Colt Express Outsourcing Services, they are in financial difficulty, so the MOST VALUABLE ASSET they had were the personal records of employees of large companies.
While measures are being taken to protect the employees from identity theft and fraud, it becomes apparent that companies need to strongly address not only their security, but the security of their partners.
The incident of Citibank where the PIN's were most probably stolen from a partner company, also underlines the same requirement.
To reiterate the measures of protection, which although not foolproof actually to minimize the risk towards your business and personnel:
- Always agree on security levels for infrastructures and processes of your business partners.
- Make periodic audits that the agreed levels are respected and enforced.
- Maintain vigilance on your information in the wild - the faster you identify that some information is in the wild, the less impact it will have on your business.
Risk of losing backup media - real example
Talkback and comments are most welcome