An article in Computerworld shows that the Automatic Data Processing Center gave its shareholder information to an unauthorized party. This unauthorized party has been said impersonate corporate officers. The information included were not just names but also addresses and the number of shares they had. There are further investigations on the matter. The number of affected accounts remain undisclosed.
There are different ways in which security is breached. The intrusion may happen within your own company or outside of it. You could never tell which one will happen. The difficulty about having security breached internally is that you have placed your trust among certain people and you could never tell which one of them did it or why it has come to pass.
For such cases, there has to be a policy that will prevent this from happening. It looks as though they have given the data without much careful thinking as it was an ‘unauthorized party’ they gave it to. This is difficult to accept. Policies should be strictly imposed too. And also, maybe there is something lacking in the way personnel are trained in handling such information. If that might have been the case, they should be trained to analyze situations carefully before giving out any kind of information, especially confidential ones. The only consolation in this case, perhaps, is that account numbers and Social security numbers were not included in the information that was given.