Real Stories of Insider Threats

In the last week of Inside Threat Awareness Month, it is important to look at actual incidents of real-life insider threats that greatly impacted companies of all types. Insider threats can cause external access to critical internal information and are often difficult to detect until after the damage is done. According to the Ponemon Institute, in a 2023 Insider Threat Global Report, the annual cost of incidents related to insider threats was $16.2M. It takes companies an average of 86 days to contain one insider security incident. 

• In 2022, Cash App experienced a data leak involving 8.2 million customers whose personal information was exposed, leaving those victims vulnerable to identity theft. This incident was caused by a disgruntled former employee who was terminated and sought revenge on the company. How did this happen? Cash App did not revoke the former employee’s access to company resources and internal workings, as customary with most terminations. Additionally, the company did not have any form of “user access reviews” to assess who currently has and previously had access to their sensitive information. 

• In 2022, Yahoo! suffered a data leak of internal strategies and code by a former research scientist who had planned to sell the information to the company’s biggest competitor. The former employee downloaded about 570,000 files before leaving the company. How did this happen? Monitoring software that assesses employee activity could have been utilized by Yahoo! to prevent this data leak from occurring. Employee monitoring software regularly checks for malicious activity, negligence, or any other potential red flags, such as a mass download of files, and alerts those within the company who would be in charge of cybersecurity. 

• In 2023, Tesla suffered a massive data leak involving former employees leaking personal information and insider production information. Two former employees leaked over 23,000 internal documents to a German news outlet, which immediately contacted Tesla to inform them of the leak. How did this happen? Although the exact reason the employees gained access is still confidential, experts suggest it was a lack of revoking user permissions post-termination. Ensuring your company has adequate termination or offboarding protocols is vital to protecting sensitive data from malicious activities. 

In summary, insider threats are dangerous in cybersecurity because they exploit legitimate access and trust within an organization, making them hard to detect and capable of causing significant harm. Learning from these companies’ mistakes could help save your company from potentially millions of dollars in damages. 

Sources

“Tesla says former employees leaked thousands of personal records to German news outlet.” SC Media. Derek Johnson. https://www.scworld.com/news/tesla-says-former-employees-leaked-thousands-of-personal-records-to-german-news-outlet

“7 Real-Life Data Breaches Caused by Insider Threats”. Ekran System. Liudmyla Pryimenko. https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches

“Cost of Insider Threats”. Ponemon Institute.  DTEX Systems. https://www2.dtexsystems.com/l/464342/2023-09-15/3w7l7k/464342/1694800570ZwvyrzsD/2023_Cost_of_Insider_Risks_Global_Report___Ponemon_and_DTEX___Dgtl.pdf