Interesting report today on MSNBC about bank employees who stole 700,000 customers bank account information and sold to collection agencies for $10 an account.
What is interesting for me is that I spent some time over the last year talking with customers about security and in general found that companies have much higher trust for employees than anyone not on the payroll. The most significant threats that people talked about were all external penetration attacks. Few felt particularly threatened by internal attacks or fraud perpetrated by employees. Getting hired was the key trust hurdle people had to clear. Once over it, high trust was assumed.
The attack cited in the article is essentially property theft -- employees are taking a valuable asset of the company, stealing it from the company and selling it for their private benefit.
In the information economy, the assets on the "shelf" are customer accounts, financial records, and identities. So employee theft now no longer is an issue limited to the employer-employee diad. In these new types of thefts, customers who never knew they were a party to the theft soon become embroiled in sorting out risks they have been exposed to. The employer likely has insurance to help cover the loss, but for the customer, what protection do they receive?