What the Hillary Clinton email scandal proves is that you don’t even need a proven data leak to brew a public relations storm. The media will punish you nevertheless. It was recently discovered that Hillary Clinton ran a private email server from home for all emails, including work related ones. This makes it easy for eavesdroppers to obtain state secrets. (Which they can do without her knowing) Given that she is Secretary of State and in regular contact with the President, this is bad news for US national security. How bad? The backlash is severe and may affect her chances of securing Presidency at the next election. She is not alone though. History is littered with many examples of how disastrous, even a potential data leak may be.
1. Bank of America
In 2005, the Bank of America lost unencrypted backup tapes containing the banking and credit card details of 1.2 million federal employees (including senators). This was embarrassing. Technology executives were forced to issue public statements about the loss and regulators made fresh inquiries into whether new regulations were needed.
2. NARA
In 2009, the National Archive and Records Administration lost two unencrypted hard drives. One contained the names and social security numbers of 76 million US military veterans. The other contained the private information and social security numbers of 250000 White House employees (including the daughter of Al Gore). They were thrashed by the media and had to compensate the victims. A $50,000 bounty was also offered for the missing hard drives. Not sure if that offer still stands.
3. Emory Healthcare
In 2012, Emory healthcare misplaced 10 unencrypted backup discs containing 315,000 patient file records and social security numbers. These were misplaced or stolen after being placed in an unlocked cabinet. They were never found. The CEO of the company had to publicly apologise for the data breach.
This may seem extreme but this is more commonplace than you would think, even in companies with solid IT Security controls. Voltage security found that 85% employees bypass security controls to get access to more data and 46% companies have breached security controls to avoid the possibility of a sales loss. The worst offenders are senior managers. Stroz Friedberg found that senior executives are the guiltiest culprits when it comes to sending work emails to their personal email and taking intellectual property with them when they leave the job.
To defend against this, classify information, encrypt your data and increase security awareness across all levels.
My Security World 