Data Leak Puts Ulster Prison Staff in Danger
Lives were put at risk after the personal details of hundreds of Northern Ireland prison officers were emailed to a third party by mistake.
Staff names and dates of birth were sent out accidentally to a third party who is thought not to have been security vetted to receive such information.
The risk is that with such information, terrorists in the region could find out the addresses of prison staff.
A 52-year-old prison officer died just weeks ago following a bomb blast claimed by the New IRA.
“This is another result of cutbacks,” a source told Belfast Live regarding the email leak.
“The checks were previously done independently but they were moved in-house to save money.”
However, the Department of Justice claimed in a statement that the incident has been contained.
“A full investigation is under way and the incident has been reported to the Information Commissioner’s Office,” it added.
Tony Pepper, CEO of secure data transfer firm Egress, argued that email auto-fill was likely to blame, but that tools exist to help eradicate this kind of human error.
“Firstly, organizations need to have the means to securely share information both internally and with trusted external third parties using encryption tools that suit the ways their employees work – whether securing emails or large files, or providing a secure collaboration environment,” he added.
“Secondly, they need to ensure users retain control over their data from start to finish, even after it has been shared with a third party. For example, having the ability to retract an email sent in error, such as in this case, so that the recipient is unable to read the contents. Finally, this smart technology needs to be combined with user education, policies and procedures that help them to understand how to treat data.”
Firms would also benefit from tools which feature an element of artificial intelligence built in, he argued.
“Machine learning can harness the digital footprints employees leave behind every day and use these to discern what ‘good’ behavior looks like in comparison to ‘bad’,” Pepper explained.
“Aggregating and analyzing this information can then allow greater information security and assurance to be applied to any exchange of data, reducing the opportunity for employees to cause a data breach, whether by accident or intentionally.”
Source: Information Security Magazine