NYPD faces ID theft risk after data stolen from pension fund
Data recovered, but 80,000 current and former cops may be affected
Computerworld - In a demonstration of how no organization is immune from insider threats, the New York City Police Pension Fund (PPF) office is notifying about 80,000 current and former NYPD officers of the potential compromise of their personal information after a civilian employee recently stole storage media containing the data.
A sample alert (download PDF) posted on the pension fund site identified the individual as an employee of the PPF and said he was arrested Feb. 27 after a security breach at one of the pension fund's disaster recovery sites.
At the time of the arrest, the individual was discovered to be in possession of "certain business records" containing data about retired and active members of the NYPD. The compromised data included Social Security numbers, names, addresses and bank account information, the statement said.
"Even though the property was recovered, we cannot assure you that the information was not compromised," the statement said regarding why it was sending out the notifications.
Several news media reports identified the arrested individual as Anthony Bonelli, 46, the fund's director of communications. A brief description of the incident on the New York Post Web site said Bonelli had allegedly gained unauthorized access to a backup facility on Staten Island, unplugged security cameras and then walked out with eight storage tapes containing the data.
Comments that Bonelli made at work raised suspicions and led to an investigation of the disaster recovery site by technology specialists who then discovered the theft, the Post said. The tapes were recovered from Bonelli's home at the time of his arrest.
A phone call to the NYPD requesting confirmation of these details as well as the number of officers affected by the incident was not immediately returned.
According to the pension fund alert, the breach did not affect those hired after May 2007, because all data after that date is stored in encrypted form. Also not affected in the incident was any information relating to the undercover identities of NYPD officers, the alert said.
The breach highlights the well-documented risks that organizations face from rogue employees. Over the past several years, security experts have said that malicious insiders pose as much of a risk, if not an even greater one, to corporate data than external attackers do. Several high-profile incidents at organizations such as DuPont, the city of San Francisco and Medco Health Solutions Inc. have hammered home that point.
Lately, however, those fears have been exacerbated by concerns over the economy and the resulting waves of layoffs and consolidations as companies seek to cut costs and stay afloat.
A recent survey by the Ponemon Institute of 945 individuals who were laid off, fired or quit their jobs showed that nearly six out of 10 admitted to stealing company data and nearly seven in 10 said they used confidential information from their previous jobs to land a new one.
According to the survey, individuals who felt negatively about the company they were leaving tended to steal data far more often than those who had a favorable view.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts