Email Strikes Twice More: 53,000 Records Breached with No Data Loss Prevention In Place

Oops by Marcin Wichary 4.28.12

The digital ink had barely dried on our recent posts (here and here) about breaches caused by email when there were two more reports of similar incidents – at Riverside County Colleges and Stanford Federal Credit Union.

In both cases, an employee accidentally sent data containing names, social security numbers, and addresses of thousands of people (53,000 in total) via email.  A school spokesperson said, “We’re human. People make mistakes, I’m sure they didn’t intend for that to happen.”

Both organizations will offer a one year credit monitoring subscription to anyone who may have had their social security numbers compromised. Given that credit monitoring products cost about $100 per year per person, the breach could cost upwards of $5.3 million in total expenses not including legal fees.  It can’t be easy explaining to the Board that you have to spend millions of dollars on a breach that was easily preventable by a data loss prevention solution.

What have we learned from the four recent breaches as a whole?

First, data loss prevention is an issue across verticals as the breaches happened in healthcare, government, education and finance. Second, for proper risk management, organizations need to account for human error. The school spokesperson was absolutely right in saying that its normal for people to make mistakes, however, their shortcoming was not having something in place to stop the inevitable mistake.

Data loss prevention has come a long way from the days when you had to physically-install an expensive gateway that disrupts your email network. In the cloud, you can be deployed in minutes and it is affordable for any sized organization. Come see how easy it can be by signing up for a free Cirius trial here.