Advertisement
Promo

Security threats Toolkit

Shell warns employees of suspected data loss

Tom Espiner ZDNet.co.uk

Published: 08 Oct 2008 18:18 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Oil company Shell has dismissed one of a third-party contractor's workers, under suspicion of misusing employee data.

The employee was engaged in database work, and was removed from US Shell premises when the company learned that the employee could have misappropriated four of its employees' social-security numbers, in order to file fraudulent unemployment claims.

Shell also terminated its contract with the third-party vendor following the suspected incident. The company said it had no information as to whether any credit-card fraud had been perpetrated as a result of the breach, or whether any other employee personal data had been compromised.

The oil giant is "continuing to work with the Texas Workforce Commission and Harris County law enforcement to investigate this matter", Shell said in an employee notification of the incident.

Read this

Feature
Special report: The top five internal security threats

What should an employer watch out for?

Read more +

Security analyst Andy Buss, from the firm Canalys, said it was difficult to prevent trusted employees from misusing data, whether they are internal or third-party.

"There's nothing you can do to get rid of all the bad apples," said Buss. "You'll never get around this problem, even with strict digital-rights management. For external [workers], you need to consider why they need access."

Buss said that, to mitigate the threat, companies should put in data-loss prevention or intrusion-detection capabilities to monitor the flow of information over networks. He added that companies looking to mitigate the threat of employees using removable storage devices, such as USB sticks, could physically glue ports, or put a policy in place so only corporate-issued, encrypted sticks could be used.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Websphere MQ Administrator

Payroll Administrator

Security Analyst

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment

Campaigners criticise '£10bn NHS IT ov...

The National Health Service's flagship IT project has been criticised by a tax campaign group for running billions of pounds over budget. The NHS National Programme for IT (NPfIT)... More

2 comments

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters