Insider Risk

The disgruntled employee insider threat

By Veriato Team

Computerworld UK has a great article out on the insider data breach at Morrisons supermarkets in the United Kingdom.

In March 2014 the theft and leaking of payroll data on 100,000 Morrisons employees was made public. The data taken included bank account details, and was published online and sent on a disc to at least one newspaper.

At trial, the prosecution has said that the employee “decided to publish the database containing employee names, addresses, bank account numbers and national insurance numbers in revenge for being incorrectly disciplined for receiving packages at the company’s head office.”

The alleged leaker wrote in a resignation letter, days before the incident occurred, “I have almost as little concern for the company as it does for me,” according to the prosecution.

This is a textbook disgruntled employee insider threat case study. An employee, one who by nature of their position has authorized access to sensitive data and systems, perceived (possibly rightly, possibly not) that the organization wronged him, and sought retribution. Estimates for the amount Morrisons has spent on remediation seem to be around 2 million pounds (a bit over $3.1M at today's conversion rate).

The Computerworld UK article asks how someone was able to steal the entire employee database, and we may learn more details around that as the case progresses. As with all insider attacks, the unique challenge is making sure authorized access is used only for its intended purpose. With insider threats, there must be a dedicated detection program in place – one that combines technology, people, and process.

Based on what we have learned to date, it appears that tighter coordination between Human Resources and Information Security would have helped here. Had HR communicated to InfoSec that elevated risk existed involving the disciplined employee (which can be done without violating employee privacy by revealing the reasons why, if a simple process is in place), InfoSec could have reacted by increasing inspection of that employee's activity. Employee monitoring solutions make that job easier for InfoSec than attempting to do it using tools that are not purpose built for the task.
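To make the HR-to-InfoSec handoff concrete, here is an added example (not from the original post or any Veriato product) of the detection side of that process: HR supplies only user IDs on an elevated-risk list, with no reasons, and InfoSec lowers the alerting threshold for bulk exports from the payroll database for those users. The log format, user IDs, table names and thresholds are all constructed for illustration.

```python
import re

# Constructed: HR's elevated-risk list. Only user IDs are shared; the
# disciplinary reason stays with HR, preserving employee privacy.
HR_WATCHLIST = {"u1042"}

# Constructed audit-log lines in a hypothetical format emitted by a
# payroll database export tool (timestamp, user, action, table, row count).
AUDIT_LOG = """\
2014-01-10T09:12:03Z user=u0871 action=export table=payroll rows=240
2014-01-10T09:40:11Z user=u1042 action=export table=payroll rows=310
2014-01-10T14:02:30Z user=u0871 action=export table=payroll rows=25000
2014-01-11T22:05:48Z user=u1042 action=export table=payroll rows=100000
2014-01-11T22:06:02Z user=u1042 action=export table=employees rows=100000
2014-01-12T08:00:00Z user=u0871 action=query table=payroll rows=50
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"table=(?P<table>\S+) rows=(?P<rows>\d+)$"
)


def parse_events(log):
    """Yield one dict per well-formed audit line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["rows"] = int(ev["rows"])
            yield ev


def review_exports(log, watchlist, bulk_threshold=10000, watch_threshold=1000):
    """Return (user, table, rows, severity) for export events worth review.

    Any user exporting >= bulk_threshold rows is a medium-severity alert.
    A watchlisted user gets a much lower threshold and high severity, which
    is the 'increased inspection' HR's heads-up makes possible.
    """
    alerts = []
    for ev in parse_events(log):
        if ev["action"] != "export":
            continue
        if ev["user"] in watchlist and ev["rows"] >= watch_threshold:
            severity = "high"
        elif ev["rows"] >= bulk_threshold:
            severity = "medium"
        else:
            continue
        alerts.append((ev["user"], ev["table"], ev["rows"], severity))
    return alerts
```

Running `review_exports(AUDIT_LOG, HR_WATCHLIST)` flags the two 100,000-row exports by the watchlisted user as high severity and the 25,000-row export by another user as medium; with an empty watchlist the same 100,000-row exports still surface, but only at the generic bulk-export severity.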

