Usher, 10,000 BC, and your company’s confidential spreadsheets could all be out there for the world to grab. Here’s how these data leaks happen and what you can do to prevent them.
By John Foley, InformationWeek
What might have been a minor breach of IT policy at Pfizer last year cascaded into a serious security incident when the personal data of 17,000 employees and former employees leaked onto a peer-to-peer network. Connecticut’s state attorney general, concerned that state residents were at risk, launched an investigation. At least one former employee filed a lawsuit against the company.
It all started when the spouse of a Pfizer employee used file-sharing software on a company laptop, presumably to swap music or other content with other P2P users. Unknowingly, the laptop user also exposed 2,300 work files, including those containing sensitive Pfizer employee data–names, Social Security numbers, addresses, and bonus information resident on the laptop.
Pfizer isn’t the only company to have its sensitive data exposed in this way. A former employee of ABN Amro Mortgage Group last year exposed spreadsheets with personal data on 5,000 customers from a home computer loaded with the BearShare file-sharing program. And last fall, a terrorist threat assessment of Chicago’s transit system, completed by Booz Allen Hamilton under contact to the Federal Transit Administration, surfaced on a P2P network.