No matter how sophisticated your company’s cyber defenses are, there’s always one huge vulnerability you can’t mitigate completely – people. Company employees are the most common avenue for cyberattacks. Whether through intent or negligence, your employees can easily cause a significant amount of harm to your business. In the HackControl blog, we have written many articles about social engineering and the importance of training your employees to recognize these types of threats. Today, we will give you several examples of massive security breaches that were caused by staff at various companies, as proper awareness is the first step to mitigating the threat of job rotation security breaches.
Biggest cybersecurity breaches that were caused by company employees
Snapchat breach
In 2016, a Snapchat employee was tricked by an email that was disguised to look like it was coming from the company’s CEO Evan Spiegel. In the email, the attacker requested payroll information about over 700 former and current Snapchat employees. The employee who received the email failed to recognize it as a phishing attempt and sent over the information.
City of Calgary information leak
In 2017, an employee of the City of Calgary in Canada emailed information about nearly 4,000 of the city’s employees to another person in Alberta. The email in question contained employee medical records, dates of birth, home addresses, salary information, Alberta Health Care and Social Security numbers, as well as information about Workers’ Compensation Board claims. The affected employees sued the City of Calgary for nearly $100 million CAD.
FDIC security breach
The next security breach happened in 2016, when an FDIC (Federal Deposit Insurance Corporation) employee downloaded private information about nearly 45,000 customers to a USB stick prior to leaving the organization. The organization’s officials claimed that this action was unintended and that the employee did not have any malicious plans. It took the FDIC 3 days to find out that the information had been downloaded. The former employee who caused the breach returned the flash drive and signed a document stating that the information it contained wasn’t used.
Equifax data leak
This list of security breaches would not be complete without the infamous Equifax breach that exposed private information belonging to more than 140 million Americans. The breach was investigated by the US Congress, with the company’s CEO Richard M. Smith having to give testimony. The head of the company stated that the breach was caused by a technology department employee failing to make proper updates to the company’s software.
EnerVest disgruntled employee attack
Not all security breaches are caused by negligence, incompetence, or lack of knowledge. Sometimes, employees can cause intentional damage. For example, a network engineer who worked for a company called EnerVest discovered that he was going to be let go from his place of employment. In retaliation, he performed a factory reset of all the systems in the company.