[ISN] Data breach at Progressive highlights insider threat

From: InfoSec News (isn@private)
Date: Thu Apr 06 2006 - 22:33:56 PDT


http://www.computerworld.com/securitytopics/security/holes/story/0,10801,110303,00.html

By Jaikumar Vijayan 
APRIL 06, 2006 
COMPUTERWORLD

A recent case in which an employee at Progressive Casualty Insurance
Co. wrongfully accessed information on foreclosure properties she was
interested in buying highlights again the dangers posed to corporate
security by insiders.

Progressive officials today confirmed that the company sent out
letters in January to 13 people informing them that confidential
information, including names, Social Security numbers, birth dates and
property addresses had been wrongfully accessed by an employee who has
since been fired.

Michael O'Connor, a spokesman for the Mayfield Village, Ohio-based
company, said officials were alerted to the situation when a local
woman complained about receiving calls from a Progressive agent
inquiring about her house being under foreclosure.

"What happened was that the former employee, who purchased foreclosure
property, wrongly used the information in a real estate database,"  
O'Connor said. Though there was no actual hacking involved to get at
the data, her actions constituted a violation of Progressive's code of
ethics, O'Connor said.

"We investigated the situation, the employee was terminated, and we
alerted the people whose data was accessed," he said, adding that the
matter was resolved in January.

Such incidents underscore the threat posed to corporate data by
malicious insiders and by workers who accidentally leak sensitive
information, said Phil Neray, a vice president at Guardium Inc., a
Waltham, Mass.-based vendor of database security products. "Most
companies have done a good job with perimeter security" and are now
finding out they need similar controls internally, Neray said.

The trend is behind a growing need for tools that help companies
monitor, detect and audit all activity going on inside networks,
databases and applications, he said.

One such tool from Reconnex Corp. has been helping Sirva Inc., a
Westmont, Ill.-based provider of relocation services with more than
7,000 employees worldwide, keep tabs on its intellectual property and
other sensitive data while the company goes through a series of
divestitures.

"One of the things that happens after a divestiture is that people
take the stuff they are working on to their new companies," and Sirva
needed a way to prevent that, said Chuck Shmayel, vice president of
infrastructure and security at the company. Reconnex's appliance sits
at Sirva's network-egress points in each of its four data centers and
monitors traffic to ensure that confidential information doesn't exit
its networks, either by accident or design.

"As a relocation service, we handle a lot of confidential information
on behalf of our customers, and we want to make sure it's protected,"  
he said.

Implementing specific controls for monitoring what's flowing out of
enterprise networks can go a long way towards mitigating accidental
and deliberate data leaks, said Mark Moroses, senior director of
technical services at Maimonides Medical Center in Brooklyn, N.Y.

As an entity covered by the Health Insurance Portability and
Accountability Act, Maimonides is required by law to have controls for
securing protected health information (PHI). The hospital is using
Reconnex's appliance to detect PHI leaving its networks in an
unauthorized fashion, Moroses said.

"From our point of view, the insider threat comes from people either
knowingly or unknowingly damaging our reputation" by leaking sensitive
information, Moroses said. "Patients come here for AIDS tests and for
pregnancy tests that they don't want to share" with other people, he
said. "A patient is not going to come to our hospital if they think we
are not doing everything to protect their information. So our
reputation is paramount because it affects our bottom-line business."



_________________________________
LayerOne 2006 : Pasadena Hilton : Pasadena, CA
Infomation Security and Technology Conference
http://layerone.info



This archive was generated by hypermail 2.1.3 : Thu Apr 06 2006 - 23:00:39 PDT