All news with #insider threat tag

Technician Sentenced Over Secret Crypto Mining at Wind Farms

🔒 A technical manager at Dutch wind operator Nordex was sentenced to 120 hours of community service after installing three cryptocurrency mining rigs and two Helium network nodes on the company's internal network between August and November 2022. The rigs were plugged into a substation router and hotspots placed inside turbines at two sites while the firm was recovering from a Conti ransomware attack. He must pay €4,155.65 to Nordex and an equal sum to the state, highlighting the risks of privileged insider access.

Recruitment red flags: spotting faux job applicants

🔍 Organizations are facing a growing threat from applicants who pose as legitimate job seekers but are in fact operatives tied to overseas actor networks. Recent cases — including a July 2024 incident at KnowBe4 and longer running campaigns tracked as WageMole and DeceptiveDevelopment — show perpetrators use stolen identities, deepfakes and remote infrastructure to gain employment. The article outlines practical detection cues for recruitment teams and containment steps to limit insider risk.

FinWise Breach Highlights Encryption and Insider Risk

🔒 The FinWise data breach involved a former employee who retained credentials and accessed systems on May 31, 2024, exposing personal records for 689,000 American First Finance customers. The intrusion remained undetected until June 18, 2025, prompting lawsuits alleging inadequate encryption and weak security governance. Experts say robust protection requires not only encryption but effective key management, strict access controls, and proactive monitoring. Vendor solutions such as D.AMO are presented as integrated platforms combining encryption, an isolated KMS, and centralized control to mitigate insider risk.

Medusa Ransomware Tried to Recruit BBC Journalist Insider

🧑‍💻 Threat actors claiming to represent Medusa contacted BBC cybersecurity correspondent Joe Tidy via Signal in July, offering him a cut of any ransom in exchange for providing access to BBC systems. They initially offered 15% of the paid ransom, later adding an extra 10% and even proposing 0.5 BTC placed in escrow. When Tidy hesitated, the actors launched MFA bombing attempts; he alerted the BBC security team and was disconnected from corporate systems as a precaution.

ICO Warns Schools: Students Fuel Insider Data Breaches

🔒 The UK's Information Commissioner's Office (ICO) warns that pupils represent a significant insider threat in schools, reporting that 57% of education-sector data breach reports originate from students. In an analysis of 215 breach reports between January 2022 and August 2024, nearly a third of insider incidents involved stolen or guessed passwords, 97% of which were committed by students. The ICO highlights additional causes — weak data protection (23%), staff sending data to personal devices (20%), misconfigured access rights (17%), and deliberate bypassing of controls (5%) — and cites incidents where students accessed systems holding thousands of records. Practical recommendations include strong password hygiene, MFA, tightened access controls, prohibiting pupil use of staff devices, secure shared-device management, and better parental engagement.

FinWise Bank warns of insider data breach affecting 689K

🔒 FinWise Bank notified customers that a former employee accessed customer data after their employment ended, with the incident occurring on May 31, 2024 and discovered on June 18, 2025. The breach affected 689,000 FinWise and American First Finance (AFF) customers, and the bank confirmed that customers' full names were exposed. FinWise engaged external cybersecurity experts, offered 12 months of free credit monitoring and identity-theft protection, and advised customers to place fraud alerts or security freezes and to monitor credit reports and account statements.

FinWise Insider Data Breach Affects 689K AFF Customers

🔒 FinWise Bank says a former employee accessed sensitive files after their employment ended, in a data security incident identified on May 31, 2024. The bank notified corporate partner American First Finance (AFF), which reported that data for 689,000 customers was affected. FinWise launched an external investigation, strengthened internal controls, and is offering 12 months of credit monitoring and identity theft protection to impacted individuals.

ICO: Students Cause Majority of UK School Data Breaches

🔒 The ICO analyzed 215 insider personal data breach reports from the UK education sector between January 2022 and August 2024 and found students were responsible for 57% of incidents. Around 30% of breaches involved stolen login credentials, with students accounting for 97% of those attacks by guessing weak passwords or using credentials found on paper. The report highlights cases where pupils used freely available tools to break into school systems and access or alter thousands of records. The ICO urges parents, schools and the wider industry to channel curiosity into legitimate cyber careers and strengthen basic protections.

61% of US Companies Hit by Insider Data Breaches in Two Years

📊 Nearly two-thirds (61%) of US firms experienced insider data breaches in the past two years, according to a new OPSWAT report conducted by the Ponemon Institute. Affected organizations reported an average of eight unauthorized file-access incidents and an average financial impact of $2.7m per organization. Respondents identified file storage and web file transfers as the riskiest environments for data loss. The study also found mixed approaches to generative AI—29% have banned it, 25% have formal policies, and 33% already include AI in file security strategies.

Nine Common Mistakes That Can Cost CISOs Their Jobs

🔒 This article outlines nine critical errors that can cost CISOs their positions, based on input from several industry leaders. It highlights risks such as overconfidence, unnecessary complexity, weak Governance, Risk & Compliance programs, and poor alignment with business priorities. The piece stresses practical prevention: prioritize access control and identity management, address the human factor, shrink stale data, break down silos, and avoid complacency to reduce breach risk and maintain executive trust.

Ex-Developer Jailed for Deploying Kill-Switch Malware

🛑 A former software developer was sentenced to four years in prison after intentionally sabotaging his employer's servers with custom malware that included a kill switch. Davis Lu, 55, abused his access in 2019 to introduce infinite-loop Java code, delete coworker profiles, and deploy a kill switch named 'IsDLEnabledinAD' that locked out users when his Active Directory account was disabled. The DOJ said the incident, reportedly at Eaton Corporation, disrupted thousands of users and caused hundreds of thousands of dollars in losses.