Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

04:36 PM
Melanie Rodier
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Investment Firm's Massive Data Breach Caused by File-Sharing

A data breach at an investment firm has thrown the spotlight on the dangers of allowing employees to use popular online file-sharing software such as LimeWire, after an incident saw an employee use the service to trade music or a movie, and unwittingly expose his organization's entire database to potential criminals.

A huge data breach at an investment firm has thrown the spotlight on the dangers of allowing employees to use popular online file-sharing software such as LimeWire, after an incident saw an employee use the service to trade music or a movie, and unwittingly expose his organization's entire database to potential criminals.An employee at Wagner Resource Group, a McLean, Va-based investment firm used LimeWire late last year from his company computer, and in doing so, inadvertently opened the private files of his firm to the public.

This exposed the names, dates of birth and Social Security numbers of about 2,000 of the firm's clients - including a number of high-powered lawyers and Supreme Court Justice Stephen G. Breyer, the Washington Post reported.

The breach was only discovered six months later -- when a reader of a washingtonpost.com blog found the information while actually searching LimeWire. The reader notified the Post's Security Fix blog, which then alerted some of the Wagner clients, the Post said.

Phil Neray, VP at database security company Guardium, says most companies have policies in place preventing their employees from using LimeWire, "as it's hard to imagine a legitimate business use for this or other Peer-to-Peer file-sharing applications."

"But even when companies allow them to reside on networks, they need to enforce policies around the use of these applications," Neray says.

In addition, companies need to have content monitoring controls in place to enforce these policies. "Most companies on Wall Street have policies, but they're only just now getting to use the technology to enforce these policies," he says.

Phylyp Wagner, founder of the Wagner Resource Group, called his firm's breach "devastating."

"I didn't even know what peer-to-peer was. I do now," he told the Washington Post.

The bottom line, Guardium's Neray says, is that while companies can't prevent peer-to-peer file sharing applications or other technologies from entering a work environment - they need to put controls in place, including real-time monitoring, to make sure these are used in an authorized manner.A data breach at an investment firm has thrown the spotlight on the dangers of allowing employees to use popular online file-sharing software such as LimeWire, after an incident saw an employee use the service to trade music or a movie, and unwittingly expose his organization's entire database to potential criminals. Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio

Register for Wall Street & Technology Newsletters
Video
All Videos
Trading Floors
Slideshows
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.
More Trading Floors