Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Computershare sues former risk employee for data theft

Australian share registry Computershare has confirmed that it is suing a former risk employee who allegedly downloaded thousands of pages of sensitive company data on to a USB drive that was subsequently lost.

  0 1 comment

Computershare sues former risk employee for data theft

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The ongoing litigation, initiated in the US in February, was first reported by Kapersky Labs' Threat Post blog earlier this week.

Computershare has denied that the data at risk contains sensitive shareholder information, but admits that it has yet to retrieve company email and documents that outline details of internal audits and future business plans.

The employee, who worked as an internal auditor for the firm, is being pursued through the US courts by Comptershare over charges relating to violations of the Computer Fraud and Abuse Act.

The suit is ongoing, after the company discovered that the employee, named as Kathayann Pace, siphoned the data from her laptop to two seperate USB drives.

Pace claims that she lost the USB drives, but Computershare says an analysis of her personal laptop indicates that the drives were in use throughout the period she maintained that they had been misplaced.

Sponsored [New Event Report] AI’s Role in the US Financial Services Sector: Balancing Innovation and Compliance
 

Share

 
 
 
 
 

Related Company

ComputerShare

Channels

/regulation & compliance /security /wholesale banking

Comments: (1)

A Finextra member 

This case is just the latest example of how “trusted insiders” can pose a risk to an organisation’s data security defences and how they continue to by-pass them altogether, only to get found out when it’s too late. It highlights that while most organisations have invested heavily in securing their systems from “external” threats, there has been proportionately less investment in mitigating the threat from inside, by implementing robust user activity monitoring and effective control systems.

However, what this scenario also underlines is the importance of user education and getting employees, subcontractors and third party vendors to not only treat company data with the utmost respect, but also to get them to understand that controls and monitoring are in place to identify security gaps and avoid data leakage in the first place.

At the end of the day, no matter what systems and processes a company has in place, if an ‘insider’ wants to steal data, there is a residual risk that they will find a way of doing so. However, they will be disinclined to attempt data theft if they know that they are likely to be found out; either before the event (through automatic alert generation) or after the event (through forensic examination of user activity logs).

Through such user activity monitoring, Computershare may well have avoided the litigation costs and reputational damage associated with this recent case.

Related news

HSBC private client data breach widens

Bank of Ireland loses USB stick containing customer data

Banks struggling in fight against insider fraud - study

[On-Demand Webinar] PREDICT 2025: What the National Payments Vision means for the UKFinextra Promoted[On-Demand Webinar] PREDICT 2025: What the National Payments Vision means for the UK

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept