How did that happen? It was marked ‘Confidential’.
Hope you’ve never heard that statement. In a recent blog, I referenced the study on cyber crime that cites ‘malicious insiders’ as one of the leading causes of cyber crime. I just read an interesting article that highlights the issue regarding the posting of confidential information to Google.
It seems that the Southern Environmental Law Center (SELC) had a breach of confidential donor information (i.e. real estate, professional histories, stock holdings, etc.) as well as a U.S. passport application, credit card statements, strategy papers and personnel evaluations for a pair of interns. All of this information ended up being posted on Google.
Not to get into the details (although you can read the entire article here), the organization did contact the FBI and Google immediately. The article did not reveal if this was an ‘inside job’ of a malicious employee or the site had actually been hacked by a nefarious pro who had absconded with the confidential information.
Now what surprised me is the statement by their General Counsel, which states “This is highly confidential information that someone took and has now disclosed to the public despite the fact that it’s marked confidential.”
Excuse me!! Just because information is marked ‘Confidential’ does not mean that it cannot be posted to all sorts of unauthorized sites, whether internal or external. It is a somewhat naive statement, particularly in light of the type of information they collect.
So my question is, what precautions does your organization take to protect confidential information?