Offshore data breach has dirty laundry flying
The hottest story of the morning, and likely until the media takes North Korea a bit more seriously, is the exposure of secret files from offshore bank accounts held by some of the richest and most controversial people on the planet… and some ordinary Joe’s with a little extra cash, too.
Basically 2.5 million files were leaked from more than 120,000 offshore companies and trusts, exposing a lot of dirty laundry. The International Consortium of Investigative Journalists along with 38 other media partners collaborated to sort through this mess of cash transfers, incorporation dates and links between companies and individuals.
The whole thing leaves very mixed emotions. Data breaches are preventable, shouldn’t happen and causes a very concerned feeling that if it can happen to highly-sensitive accounts backed by tens and hundreds of million dollars – where else can it happen? (More on that later.)
There’s also the sympathy for the doctor, dentist, investor and other hard workers that were just trying to collect a better interest rate, not pay even higher taxes or are in fear of having their government take their money through no fault of its own. After seeing the going interest rates for Money Market Accounts, my sympathy is even higher.
The celebrities and big-name politicians, a little less sympathetic and a little less concerned – blame it on the Kardashians.
Then there’s the sense that cheaters/liars/thieves/crooks never prosper. The consortium allegedly uncovered laundering, organized crime and other financial indiscretions. According to the story, studies have estimated that cross-border flows of global proceeds of financial crimes total between $1 trillion and $1.6 trillion a year.
Now that we covered all the major facets of this particular leak, let’s get back to the concept of data breaches. What went wrong here?
Were documents not properly encrypted? Was this primarily older data that was stored away and forgot about? Could employees have let the information slip? How did this all happen?
Having seen a few data breaches in my lifetime, they are usually a result of one of a few things:
- Data not secured properly behind the firewall, not encrypted, not kept where it’s supposed to be or it’s a duplicate that should not exist is easily leaked by people out to do nothing but access other people’s information for personal gain.
- Data has become old and forgotten about. As other servers are upgraded, the one with information from five years ago remains untouched and become vulnerable. Sadly it’s quite preventable as long as you either protect the data or set the retention policy of old data to retire.
- Data is being accessed by those in the company that should not have access to it. The data storage lacks proper permissions and records of who accessed what and when. This ability can be too tempting for some.
- Archives meant to hold such documents contain everything, just in case. In doing that, data gets lost and forgotten about until leaked.
The good news, all can be properly managed with knowledge of what exists, strong information governance policies and a tool to make it all possible.
Discover how to keep your name from appearing in headlines like this. Download Achieving Effective Information Governance through Data Profiling