But a recently publicized incident involving AT&T shows that the threats may also be from within. As The New York Times reported:
“[I]t serves as a cautionary tale about the types of information that employees at technology and communications companies can retrieve just by breaking the rules, no hacking required.”
What happened? According to the Times, “AT&T, the telecommunications provider, said on Monday that it had fired an employee who inappropriately gained access to customer information this year, possibly including Social Security and driver’s license numbers.”
While the breach was relatively small (1600 people affected), the company dealt with the breach by sending out letters to those affected and paying for credit monitoring services.
What else should you do in a breach? Well, next week, I’m heading up a major Data Privacy & Cybersecurity Summit where we will discuss exactly that topic — particularly as it applies to employee data. The summit is scheduled for October 16th in Cromwell. Co-sponsored with the Connecticut chapter of SHRM, the program includes speakers from GE, ESPN and the Connecticut Attorney General’s office. The cost is just $75 and includes breakfast, lunch and materials. You can register here.