• HOME

  • ABOUT

  • SOLUTIONS

  • PAPERS AND PUBLICATIONS

  • CONTACT

  • Blog

  • More

    washingtoncybercenter.com

    © 2023 by Marketing Solutions. Proudly created with Wix.com

    Cybersecurity and Connected Vehicles

    December 11, 2019

    Cybersecurity, the Holiday Season and the Grinch

    December 6, 2019

    Cybersecurity, Vendors and Stolen Laptops

    December 2, 2019

    Cybersecurity and Dental Services

    November 29, 2019

    Cybersecurity and IT Firms

    November 25, 2019

    Cybersecurity and Small Town Attacks

    November 22, 2019

    Cybersecurity and Online Gaming

    November 18, 2019

    Cybersecurity, Backup Services and Ransomware

    November 15, 2019

    Cybersecurity, PLCs and DoS

    November 4, 2019

    Cybersecurity and Student Loans

    November 1, 2019

    Please reload

    Recent Posts

    I'm busy working on my blog posts. Watch this space!

    Please reload

    Featured Posts

    SunTrust Insider Threat: Potential Issue for 1.5M Clients

    June 25, 2018

    |

    Charles Parker, II

    Insider threats have to be taken seriously and accounted for in some form or manner. Although  business owners would hope this would not be an issue, and employees can be trusted, at times it still is. Business owners or senior management should always be aware of the potential for insider issues since an attack from the inside has the potential to be devastating, especially when the insider is acting maliciously.

       

    A recent and unfortunate incident involved SunTrust. One of their former employees in February 2018 attempted to steal data on an estimated 1.5M clients. The prior employee’s intent was to sell this to a third party for criminal purposes.

       

    Any data stolen is not a good thing for the institution and the clients. In this case, it could have been much worse. The data stolen was the client’s name, their address, phone number, and account balances. Fortunately, the PII (e.g. social security number, account number, PIN, User ID, password, or driver’s license number) was not.

       

    Although the prior employee did work to copy the data, the employee was not able to remove the data from the bank.

       

    In other insider malicious attacks, the results have been far worse. The more data that is stolen and exfiltrated, the greater level of potential liability. To alleviate a majority of this potential issue, the businesses should put in place a robust program or set of programs to monitor the behavior of employees. This would act to safeguard the data and report issues in a timely manner.


     

    Resources

    E-Hacking News. (2018, April 23). SunTrust bank’s former employee stole details of 1.5 million. Retrieved from http://www.ehackingnews.com/2018/04/suntrust-banks-former-employee-stole.html


     

    Zorz, Z. (2018, April 23). Former SunTrust employee stole data on 1.5 million clients. Retrieved from https://www.helpnetsecurity.com/2018/04/23/suntrust-stolen-data/

     

    About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

    Share on Facebook
    Share on Twitter
    Please reload

    Follow Us

    I'm busy working on my blog posts. Watch this space!

    Please reload

    Search By Tags

    December 2019 (3)

    November 2019 (7)

    October 2019 (7)

    September 2019 (9)

    August 2019 (10)

    July 2019 (8)

    June 2019 (9)

    May 2019 (10)

    April 2019 (9)

    March 2019 (10)

    February 2019 (8)

    January 2019 (9)

    December 2018 (8)

    November 2018 (9)

    October 2018 (9)

    September 2018 (7)

    August 2018 (9)

    July 2018 (9)

    June 2018 (11)

    May 2018 (6)

    April 2018 (9)

    March 2018 (9)

    February 2018 (8)

    January 2018 (6)

    December 2017 (8)

    November 2017 (7)

    October 2017 (10)

    September 2017 (9)

    August 2017 (10)

    July 2017 (8)

    June 2017 (10)

    May 2017 (8)

    April 2017 (7)

    March 2017 (8)

    February 2017 (7)

    January 2017 (8)

    December 2016 (11)

    November 2016 (14)

    October 2016 (14)

    September 2016 (8)