NYPD faces ID theft risk after data stolen from pension fund
Data recovered, but 80,000 current and former cops may be affected
March 5, 2009 12:00 PM ETComputerworld - In a demonstration of how no organization is immune from insider threats, the New York City Police Pension Fund (PPF) office is notifying about 80,000 current and former NYPD officers of the potential compromise of their personal information after a civilian employee recently stole storage media containing the data.
A sample alert (download PDF) posted on the pension fund site identified the individual as an employee of the PPF and said he was arrested Feb. 27 after a security breach at one of the pension fund's disaster recovery sites.
At the time of the arrest, the individual was discovered to be in possession of "certain business records" containing data about retired and active members of the NYPD. The compromised data included Social Security numbers, names, addresses and bank account information, the statement said.
"Even though the property was recovered, we cannot assure you that the information was not compromised," the statement said regarding why it was sending out the notifications.
Several news media reports identified the arrested individual as Anthony Bonelli, 46, the fund's director of communications. A brief description of the incident on the New York Post Web site said Bonelli had allegedly gained unauthorized access to a backup facility on Staten Island, unplugged security cameras and then walked out with eight storage tapes containing the data.
Comments that Bonelli made at work raised suspicions and led to an investigation of the disaster recovery site by technology specialists who then discovered the theft, the Post said. The tapes were recovered from Bonelli's home at the time of his arrest.
A phone call to the NYPD requesting confirmation of these details as well as the number of officers affected by the incident was not immediately returned.
According to the pension fund alert, the breach did not affect those hired after May 2007, because all data after that date is stored in encrypted form. Also not affected in the incident was any information relating to the undercover identities of NYPD officers, the alert said.
The breach highlights the well-documented risks that organizations face from rogue employees. Over the past several years, security experts have said that malicious insiders pose as much of a risk, if not an even greater one, to corporate data than external attackers do. Several high-profile incidents at organizations such as DuPont, the city of San Francisco and Medco Health Solutions Inc. have hammered home that point.
Lately, however, those fears have been exacerbated by concerns over the economy and the resulting waves of layoffs and consolidations as companies seek to cut costs and stay afloat.
A recent survey by the Ponemon Institute of 945 individuals who were laid off, fired or quit their jobs showed that nearly six out of 10 admitted to stealing company data and nearly seven in 10 said they used confidential information from their previous jobs to land a new one.
According to the survey, individuals who felt negatively about the company they were leaving tended to steal data far more often than those who had a favorable view.
Read more about security in Computerworld's Security Knowledge Center.
NYPD
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

