Sign up to our newsletter
The UK’s communications regulator Ofcom is investigating what could be the biggest data breach in its history. It is understood that the incident was caused internally – unknown to Ofcom, a former employee had been surreptitiously gathering data over a six-year period.
The breach only came to light after the individual offered the information to his new employer, a major TV broadcaster, the Guardian reported. In response, the senior management team at the yet to be revealed broadcaster ‘did the right thing’ by alerting Ofcom.
“On 26th February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee,” a spokesman for Ofcom was quoted by the newspaper as saying.
“This was a breach of the former employee’s statutory duty under the Communications Act and a breach of the contract with Ofcom.”
It went on to say that data protection is something that it takes “very seriously”, expressing “disappointment” in the behavior of its former employee. Further, it explained that while the size of the breach is significant, the “extent of the disclosure” was nevertheless limited.
“[It] has been contained, and we have taken urgent steps to inform all parties,” the spokesman concluded.
According to a study published at the end of last year, employees represent one of the biggest threats to an enterprise’s cybersecurity program. Nuix’s Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices, found that that 93% of respondents are of the opinion that their own staff are a huge risk.
“The findings in this report are of no surprise – they represent the same issues and concerns that we’re advising our customers on every day,” Keith Lowry, senior vice president of business threat intelligence and analysis at Nuix, said at the time.
“First, there’s greater awareness of insider threats thanks to the public profiles of Chelsea Manning and Edward Snowden. It’s also easier to steal information; for example, you can copy key files onto a thumb drive in seconds.”
Author Narinder Purba, We Live Security