NYPD faces ID theft risk after data stolen from pension fund
Data recovered, but 80,000 current and former cops may be affected
Computerworld - In a demonstration of how no organization is immune from insider threats, the New York City Police Pension Fund (PPF) office is notifying about 80,000 current and former NYPD officers of the potential compromise of their personal information after a civilian employee recently stole storage media containing the data.
A sample alert (download PDF) posted on the pension fund site identified the individual as an employee of the PPF and said he was arrested Feb. 27 after a security breach at one of the pension fund's disaster recovery sites.
At the time of the arrest, the individual was discovered to be in possession of "certain business records" containing data about retired and active members of the NYPD. The compromised data included Social Security numbers, names, addresses and bank account information, the statement said.
"Even though the property was recovered, we cannot assure you that the information was not compromised," the statement said regarding why it was sending out the notifications.
Several news media reports identified the arrested individual as Anthony Bonelli, 46, the fund's director of communications. A brief description of the incident on the New York Post Web site said Bonelli had allegedly gained unauthorized access to a backup facility on Staten Island, unplugged security cameras and then walked out with eight storage tapes containing the data.
Comments that Bonelli made at work raised suspicions and led to an investigation of the disaster recovery site by technology specialists who then discovered the theft, the Post said. The tapes were recovered from Bonelli's home at the time of his arrest.
A phone call to the NYPD requesting confirmation of these details as well as the number of officers affected by the incident was not immediately returned.
According to the pension fund alert, the breach did not affect those hired after May 2007, because all data after that date is stored in encrypted form. Also not affected in the incident was any information relating to the undercover identities of NYPD officers, the alert said.
The breach highlights the well-documented risks that organizations face from rogue employees. Over the past several years, security experts have said that malicious insiders pose as much of a risk, if not an even greater one, to corporate data than external attackers do. Several high-profile incidents at organizations such as DuPont, the city of San Francisco and Medco Health Solutions Inc. have hammered home that point.
Lately, however, those fears have been exacerbated by concerns over the economy and the resulting waves of layoffs and consolidations as companies seek to cut costs and stay afloat.
A recent survey by the Ponemon Institute of 945 individuals who were laid off, fired or quit their jobs showed that nearly six out of 10 admitted to stealing company data and nearly seven in 10 said they used confidential information from their previous jobs to land a new one.
According to the survey, individuals who felt negatively about the company they were leaving tended to steal data far more often than those who had a favorable view.
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!