06/08/2015

Data Loss Disaster: A Sobering Tale

by Neil Farquharson


Australian Jason Wang was pleased with the purchase of his $200 Groupon gift card to be used at a local Woolworths, a large grocery chain. However, he was not so happy when he checked his online account and discovered his balance was zero. His $200 was gone. He wasn’t alone: according to this article, an email sent by a Woolworths employee to hundreds of customers contained the wrong attachment. Instead of including details to redeem their vouchers, the attachment contained not only the codes to access all 8,000 of these vouchers, but also the email addresses and names of over one thousand customers who had paid for the vouchers.

Make no mistake: this is a public relations disaster for a well-known brand. Included in the news was the case of another customer, Mr. James, who "was embarrassed in front of a large number of people" after he attempted to buy his weekly groceries using his legitimately purchased gift card, only to be told by Woolworths staff he was using a stolen card. Mr. James subsequently abandoned his grocery cart at the checkout and later stated to reporters, "I tried to call Woolworths, but no one picked up the phone." Is it likely he will ever shop at Woolworths again? I don’t think so.

Was this a security breach perpetrated by a hacker? Regrettably no: it was a mistake made through human error; it was an understandable and, I believe, predictable mistake made most likely by a conscientious employee of Woolworths. What did the employee do to cause this catastrophe? He had computer files with similar-looking names and accidentally attached the wrong one, an Excel file.

What is most sad about this incident is that it was preventable. We already know – or should know – that employees make errors. It is ineffective to ask employees to check their every activity. They could do this, but their productivity would be drastically decreased as they check their work and check again and, just to be safe, check again. The answer is obvious: automation.

Computers can stay alert 24 hours a day, every day, and software can be automatic, repeatable and consistent in its real-time checking of email content. We call this Data Loss Prevention or DLP. A good DLP solution searches email content and attachments for sensitive information of the kind accidentally leaked by Woolworths. It works reliably in the background all the time to detect sensitive information. When identified, the email is quarantined, and the sender and other staff are asked to review the email, thus giving the business a second chance to prevent the wrong data being sent. If you’d like to read more about Zix DLP solutions, please click here.
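
As an added illustration (not Zix code and not from the original post), here is a minimal sketch of the kind of outbound check described above: it counts distinct email addresses and voucher codes in each part of a message and quarantines the message when a part holds far more than one customer's redemption details. The 16-digit voucher format, the thresholds, the function names and the CSV attachment (standing in for the Excel file) are all assumptions made for the example.

```python
import re
from email.message import EmailMessage

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed voucher format for this example: 16 digits, optionally grouped in fours.
VOUCHER_RE = re.compile(r"\b\d{4}(?:[- ]?\d{4}){3}\b")
# Assumed policy: a redemption email carries one code and no customer list.
MAX_VOUCHERS = 1
MAX_ADDRESSES = 5


def inspect_outbound(msg):
    """Return (verdict, findings); findings lists each part over a limit."""
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        content = part.get_content()
        if isinstance(content, bytes):  # non-text attachment: best-effort decode
            content = content.decode("utf-8", errors="replace")
        addresses = len(set(EMAIL_RE.findall(content)))
        vouchers = len(set(VOUCHER_RE.findall(content)))
        if addresses > MAX_ADDRESSES or vouchers > MAX_VOUCHERS:
            findings.append((part.get_filename() or "(body)", addresses, vouchers))
    return ("quarantine" if findings else "deliver"), findings


def build_mail(filename, csv_text):
    """Constructed sample: a redemption email with one CSV attachment."""
    msg = EmailMessage()
    msg["From"] = "promotions@retailer.example"
    msg["To"] = "customer1@example.com"
    msg["Subject"] = "Your gift voucher"
    msg.set_content("Your voucher details are attached.")
    msg.add_attachment(csv_text, subtype="csv", filename=filename)
    return msg


# Constructed data: the intended attachment and a similarly named master list.
ONE_VOUCHER = "code\n6000-0000-0000-0001\n"
MASTER_LIST = "name,email,code\n" + "".join(
    f"Customer {i},customer{i}@example.com,{6000000000000000 + i}\n"
    for i in range(1, 21))

if __name__ == "__main__":
    for name, body in (("voucher_0001.csv", ONE_VOUCHER), ("vouchers.csv", MASTER_LIST)):
        print(name, inspect_outbound(build_mail(name, body)))
```

The check keys on volume rather than on file names, so two similarly named files are told apart by what they contain.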

Posted: 6/8/2015 12:00:00 AM by Global Administrator | with 0 comments
Filed under: breach, data, DLP, email, error, human, loss, prevention

