A few weeks after a new study revealed more than half of former employees admitted stealing company data and a good article recapping various insider misuse of access rights, comes another story about insider abuse of access to data. The Washington Post reports:
Sprint is warning several thousand customers that a former employee sold or otherwise provided their account data without permission.
In letters sent via snail mail to some customers, Sprint urged recipients to contact customers service and change their existing personal identification number and security question. Turns out, a Sprint employee accessed “multiple customer accounts,” between Dec. 2008 and Jan. 2009.
In good news, the company had recently set up safeguards to minimize the data that could be accessed and misused.
“We implemented a billing platform about a year ago that has advanced security features designed to catch things like an employee accessing information that they shouldn’t be,” [Sprint spokesman Matt Sullivan] said. “That platform limits information that employees can access, such as Social Security numbers, and any sort of payment information.”