Hackers work hard to access sensitive data, but data loss can happen by accident, too. Surprisingly, many of the security breaches of recent years are due to human error. In this article, we’ll explore three cases of accidentally published leaks and discuss how to safeguard your information in the future.
Data of 4 Million Norwegians Accidentally Sent to the Media
In 2008, Norway reportedly had a population of about 4.8 million people. During the month of September of that year, Norwegian tax authorities sent CD-ROMs filled with the 2006 tax returns of nearly 4 million people to the media. This means the data breach affects about every person in that country.
Before you panic, the breach isn’t quite as serious as you think. Since 1863, tax returns have been publicly available. Since 2002 you can view tax returns online from the comfort of your home. So it’s fine that tax authorities sent these tax records to the editorial staff at national newspapers, radio stations, and television stations.
But here is the problem: the Norwegian equivalent of the American Social Security number called a personal number is highly confidential. And the tax records included these numbers.
Tax authorities stressed that the CDs could only be opened by using a secret code, which should have limited the possibility of spreading the information, and demanded the return of the CDs in order to protect the personal information of their citizens.
This incident shows how important it is to carefully plan for the transfer of files containing sensitive information. As with a Social Security number, a personal number can be used to open bank accounts, change addresses, obtain credit, and more. When this information gets into the wrong hands, it can be devastating for the victims.
Security Breach Affects Jefferson County Residents
In October 2008, Jefferson county clerk Jennifer Maghan was able to help people search records more efficiently by making certain information available online. She published property deeds, titles, judgements, and tax liens using the county’s new online program.
According to Maghan, only 211 people searched the database for the first few days and most of those were looking at their own property deeds, but she doesn’t know that for sure. By publishing this information on the Internet, she made a grievous mistake: Social Security numbers were listed alongside other information about Jefferson County residents.
It’s easy to reiterate that including failing to remove Social Security numbers from the published records was irresponsible, but mistakes like this could happen to anyone. And no matter how good we become at using technology, the human element is always going to be involved in some way.
Australian Government Leaks Personal Information about World Leaders
It’s one thing for a county clerk to make a mistake, but it’s much worse when it happens at the federal level. In 2005, an employee of the Australian immigration department made a serious mistake by accidentally emailing personally identifiable information to the wrong person.
The personal information that was breached includes names, dates of birth, titles, nationalities, passport numbers, visa grant numbers, and visa subclasses of 31 international leaders planning to attend the G20 leaders’ summit. President Barack Obama was one of them.
While only a few people were affected by this breach, this situation is much more serious because the victims of the breach are world leaders. At the very least, it makes Australia’s immigration department look careless and incompetent. The worst part of this case may be that the Australian government decided not to tell the affected leaders about the breach.
The recipient of the email, the local organizing committee of the Asian Cup, deleted the email and removed the information from its servers. And since all evidence of the breach has been removed, authorities deem it highly unlikely that the information is publicly available.
The Risk for Human Error Shouldn’t Be Downplayed
It’s important to take cyber security seriously, but at the same time companies shouldn’t downplay the risk for human error. Even the most sophisticated Internet security suite will not prevent your employees from accidentally emailing sensitive information to the wrong person if they’re in a rush. It’s also quite possible to publish information without realizing that it contains sensitive data, too.
The best strategy might be to create a chain of authorization when dealing with publicizing data or working with sensitive information. At the very least, your company should have procedures in place that dictate how to deal with the documents your company generates.
Take Advantage of eFileCabinet’s Role-based User Access
One of the things your company can do to prevent accidental data leaks is to limit your employees’ access to your documents. It’s not necessary for every employee to have access to all of the information your company collects. In fact, the less data your employees have access to, the less likely it is for them to accidentally leak sensitive information. eFileCabinet makes it easy to set up role-based user access and keep your information safe.