Shell warns employees of suspected data loss

Shell warns employees of suspected data loss

Summary: A third-party vendor has lost its contract with Shell in the US following the alleged misappropriation of employee social-security numbers

SHARE:
TOPICS: Security
0

Oil company Shell has dismissed one of a third-party contractor's workers, under suspicion of misusing employee data.

The employee was engaged in database work, and was removed from US Shell premises when the company learned that the employee could have misappropriated four of its employees' social-security numbers, in order to file fraudulent unemployment claims.

Shell also terminated its contract with the third-party vendor following the suspected incident. The company said it had no information as to whether any credit-card fraud had been perpetrated as a result of the breach, or whether any other employee personal data had been compromised.

The oil giant is "continuing to work with the Texas Workforce Commission and Harris County law enforcement to investigate this matter", Shell said in an employee notification of the incident.

Security analyst Andy Buss, from the firm Canalys, said it was difficult to prevent trusted employees from misusing data, whether they are internal or third-party.

Read this

Feature

Special report: The top five internal security threats

What should an employer watch out for?

Read more

"There's nothing you can do to get rid of all the bad apples," said Buss. "You'll never get around this problem, even with strict digital-rights management. For external [workers], you need to consider why they need access."

Buss said that, to mitigate the threat, companies should put in data-loss prevention or intrusion-detection capabilities to monitor the flow of information over networks. He added that companies looking to mitigate the threat of employees using removable storage devices, such as USB sticks, could physically glue ports, or put a policy in place so only corporate-issued, encrypted sticks could be used.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion