A former council employee has been cautioned by police after admitting taking tens of hundreds of residents’ emails from a database so as to promote a enterprise, it has been revealed.
The information breach happened in November final 12 months when 79,000 e-mail addresses had been copied from a backyard waste assortment database. They had been taken by an worker, now now not working for the council, “with the aim of selling a enterprise not associated to the council,” the native authority mentioned.
A separate database of e-mail addresses from Warwick District Council had been additionally impacted by the breach.
The previous council employee has apparently apologized for his actions and given assurances that every one e-mail addresses have been deleted. He was cautioned below the Information Safety Act 2018.
Learn extra on insider threats: House Working Drives 44% Surge in Insider Threats
Stratford-on-Avon District Council CEO, David Buckland, additionally apologized for the incident.
“It is very important stress that this data solely contained e-mail addresses, it didn’t comprise any financial institution particulars, or names and addresses,” he added.
“We’ve concluded via our investigations that this information breach was a deliberate act by a person, and never a breakdown of the sturdy inside controls we now have in place.”
Safety specialists had been fast to warn of the potential harm that malicious insiders may cause organizations.
Javvad Malik, lead safety consciousness advocate at KnowBe4, argued that even e-mail addresses might be a treasure trove for phishing actors, in the event that they received into the improper fingers.
“That is why it’s necessary to have the best technological controls in place which might limit entry to delicate data for official enterprise functions solely,” he added.
“Nevertheless, this incident additionally illustrates that technical controls alone are inadequate. A powerful safety tradition, underpinned by common coaching and a transparent understanding of the results of knowledge misuse, is crucial.”
Jamie Akhtar, CEO and co-founder of CyberSmart, argued that the cost-of-living disaster is forcing many staff to take dangers like this.
“However, the answer just isn’t for enterprise leaders to view their employees with suspicion or as a menace. As a substitute, employers should be aware of how their employees are dealing with monetary uncertainty or hardship,” he concluded.
“If something, this story highlights the significance of conducting common safety consciousness coaching and in addition the necessity to present up for workers with empathy and assist.”
