A recent data breach discovered at the Insurance Corporation of British Columbia (ICBC) has now been tied to a series of shootings and arsons targeting staff and students of a law enforcement training academy.
According to the Globe and Mail, the Royal Canadian Mounted Police (RCMP) have corroborated reports of an internal security breach at the ICBC, the province's publicly owned auto insurance organization. A claims adjuster was summarily fired from her position after it was learned that she obtained unauthorized access to the files of 65 individuals.
The incident has raised question's about ICBC's data security protocol and will now merit a comprehensive investigation from the Office of the Privacy Commissioner.
"This is an open, active file," Privacy Commissioner Elizabeth Denham told the Globe and Mail. "We are deeply concerned for the affected customers and the general public. We want the public to know that this is a high priority for our office."
The data breach has taken on added significance, however, as new details emerge regarding a string of violent acts perpetrated against 13 individuals with current or former ties to the Justice Institute of British Columbia. During a routine investigation of these crimes, the RCMP found that all 13 victims were affected by the ICBC privacy breach, potentially suggesting the existence of a more elaborate conspiracy.
"We have every reason to believe this individual did not act on their own, and that this person in involved with other individuals," RCMP Sergeant Peter Thiessen told reporters. "There were houses set on fire, there were houses shot up, there were cars shot up. Somebody could easily have been killed."
Although the exact motives behind the ICBC incident have not been discovered, it is clear that access governance loopholes were exploited. According to the Globe and Mail, an internal audit revealed that the perpetrator had accessed files "with no real business to do so."
Recent research from the Ponemon Institute suggests that a surprising amount of organizations may be vulnerable to similar attacks. In a survey of 5,000 IT professionals, more than half indicated that they were given access to privileged information beyond the requirements of their job functions, and six in 10 admitted to accessing sensitive information out of curiosity as opposed to necessity.
Organizations that manage sensitive public information are rightly expected to take every precaution to ensure that data remains protected. However, it appears as though the fundamental threats posed by internal inconsistencies may be more pressing than cybercriminal activities that have garnered publicity in recent months.
Data Security News from SimplySecurity.com by Trend Micro