Today, we're going to examine two recent data leak incidents caused by employees.
In Jakarta, a man was charged with selling financial information on his former employer’s clients on a DarkNet forum. The incident came to light in July 2020 after one of the employees of the BCA bank received a complaint from a customer.
The data on 20,000 people on sale included:
- Online banking account numbers
- Mobile numbers
- Transaction information on those accounts.
The data was posted from the account of a breachforum member known by the nickname KillTheBank. After an investigation, the police officers managed to identify the culprit. The person in question is a 28-year-old resident of Tebet, South Jakarta. He was an employee of the online lending platform of BCA bank from 2017 to 2020, and allegedly stole the data.
According to the police investigating the case, the motive for selling confidential data was personal gain and a desire to get back at his superiors. The amount earned by the suspect is unknown. He currently faces more than five years in prison and a fine.
The second incident was also a data leak, but unlike the first one, it was not deliberate . The data on more than 1.4 million users was stolen because an employee accidentally saved the key’s software code in a GitHub repository. The incident happened with the cashback platform ShopBack. Two days after the key was added to the repository, a team member discovered the mistake and removed the key. However, it could still be seen through the commit history in GitHub.
The access key in question granted all administrative privileges. As a result, the attacker discovered the key and used it to gain access to ShopBack's customer storage servers.
The data, offered for sale on an online forum included:
- More than 1.4 million email addresses
- 840,000 names
- 450,000 mobile phone numbers
- 300,000 bank account numbers
- Partial information on 380,000 credit cards.
ShopBack was fined $74,400 by Singapore's data protection watchdog in connection with the incident.
Unfortunately, data leaks caused by employees are not uncommon, We often report on similar incidents, including Sabotage of a water treatment facility and data theft by an employee in Central Florida.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!