Barclays bank and its customers had a nasty shock yesterday, when it was revealed that the information of people that use the bank, was being sold on black markets and used for all manner of criminal activity, from fraud, to blackmail and other scams. While the bank has a looming threat of potentially unlimited fines for not protecting customers, some think it could have been an employee that ultimately leaked the data.
While hacking a bank is no mean feat, its certainly a lot easier to be a high level employee and walk out with a pen drive full of data. That’s how security expert at AlienVault, Dominique Karg thinks it happened.
“From my experience of doing internal security audits on banks, it is immensely difficult to protect data from people who are managing the data,” she said. “At this point, the damage to Barclays image is huge, but in this case it is clearly the work of one or two people that had legitimate access to the data.”
She also believes that any fine should be modest, with the majority of the punishment levied against whoever was really responsible:
“If it is true that insider “admins” or “traders” have leaked and sold this information, I’d first hammer them and then moderately fine Barclays, but talking about unlimited fines to Barclays is really out of scope.”
She also praised the company’s willingness to talk about the breach, being frank with customers about what data has been leaked and what steps it’s taking to fix it.
KitGuru Says: What do you guys think? Does an inside job make sense, or do you think someone found a loophole in the bank’s digital security?