Suspected employee fraud at Huron Consulting Group
Technorati Tag: Security Breach
Date Reported:
7/15/08
Organization:
Huron Consulting Group
Contractor/Consultant/Branch:
None
Victims:
Current and former employees
Number Affected:
Unknown
Types of Data:
"full set of employee W-2 forms"
Breach Description:
"On July 1, 2008, Huron discovered that an employee may have stolen paychecks and fraudulently endorsed and cashed/deposited them." "Huron has not been able to locate the employee, but the employee had an associate return the company laptop computer to Huron on Tuesday, July 8, 2008. Forensic review of the laptop computer revealed that the employee, who had authorized access in the course of employment to personal financial information of Huron current and former employees, had downloaded a full set of employee W-2 forms in a text file on to her laptop."
Reference URL:
New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
On July 1, 2008, Huron discovered that an employee may have stolen paychecks and fraudulently endorsed and cashed/deposited them.
[Evan] Stealing paychecks is bold.
Huron has terminated the employee.
Huron has not been able to locate the employee, but the employee had an associate return the company laptop computer to Huron on Tuesday, July 8, 2008.
Forensic review of the laptop computer revealed that the employee, who had authorized access in the course of employment to personal financial information of Huron current and former employees, had downloaded a full set of employee W-2 forms in a text file on to her laptop.
[Evan] I wonder if this authorized employee was also authorized to copy W-2 forms to her laptop. Are employees permitted to copy confidential information to company laptops and are company laptops encrypted?
this individual had access to your personal information, and may have downloaded or improperly removed it prior to termination.
We have no information of any use (malicious or otherwise) of this information by the employee.
While this is not necessarily a case of improper access, we intend to inform our employees that personal information may not have been fully secured so that they can take steps to protect their personal information and credit.
We do not have any evidence that your information has been misused, and we believe the likelihood of such misuse is low.
out of an abundance of caution, we are informing all current and former Huron employees who may be affected by this incident
[Evan] Ugh, there is the "abundance of caution" statement again!
We have reported this matter to local law enforcement (Chicago Police Department) and the FBI.
We have also engaged Consumerlnfo.com, Inc., an Experian® company, to provide you with one full year of credit monitoring, at no cost to you.
Commentary:
If the employee had not been so bold as to steal and cash paychecks, would the company have known that she copied confidential information to a laptop (authorized or not)? I have said this before, employee fraud can be very difficult to prevent and detect. It helps if the employee is an idiot.
Past Breaches:
Unknown
Date Reported:7/15/08
Organization:
Huron Consulting Group
Contractor/Consultant/Branch:
None
Victims:
Current and former employees
Number Affected:
Unknown
Types of Data:
"full set of employee W-2 forms"
Breach Description:
"On July 1, 2008, Huron discovered that an employee may have stolen paychecks and fraudulently endorsed and cashed/deposited them." "Huron has not been able to locate the employee, but the employee had an associate return the company laptop computer to Huron on Tuesday, July 8, 2008. Forensic review of the laptop computer revealed that the employee, who had authorized access in the course of employment to personal financial information of Huron current and former employees, had downloaded a full set of employee W-2 forms in a text file on to her laptop."
Reference URL:
New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
On July 1, 2008, Huron discovered that an employee may have stolen paychecks and fraudulently endorsed and cashed/deposited them.
[Evan] Stealing paychecks is bold.
Huron has terminated the employee.
Huron has not been able to locate the employee, but the employee had an associate return the company laptop computer to Huron on Tuesday, July 8, 2008.
Forensic review of the laptop computer revealed that the employee, who had authorized access in the course of employment to personal financial information of Huron current and former employees, had downloaded a full set of employee W-2 forms in a text file on to her laptop.
[Evan] I wonder if this authorized employee was also authorized to copy W-2 forms to her laptop. Are employees permitted to copy confidential information to company laptops and are company laptops encrypted?
this individual had access to your personal information, and may have downloaded or improperly removed it prior to termination.
We have no information of any use (malicious or otherwise) of this information by the employee.
While this is not necessarily a case of improper access, we intend to inform our employees that personal information may not have been fully secured so that they can take steps to protect their personal information and credit.
We do not have any evidence that your information has been misused, and we believe the likelihood of such misuse is low.
out of an abundance of caution, we are informing all current and former Huron employees who may be affected by this incident
[Evan] Ugh, there is the "abundance of caution" statement again!
We have reported this matter to local law enforcement (Chicago Police Department) and the FBI.
We have also engaged Consumerlnfo.com, Inc., an Experian® company, to provide you with one full year of credit monitoring, at no cost to you.
Commentary:
If the employee had not been so bold as to steal and cash paychecks, would the company have known that she copied confidential information to a laptop (authorized or not)? I have said this before, employee fraud can be very difficult to prevent and detect. It helps if the employee is an idiot.
Past Breaches:
Unknown
Posts Atom 1.0
Comments