Computershare Says No Customer Data Exposed In Breach

The investor services company told Threatpost that an investigation has determined that data stolen by a rogue employee didn’t contain shareholder data. However, the company still hasn’t retrieved two USB drives containing company email and documents that outline some of Computershare’s closely held business plans.

ComputershareThe investor services company told Threatpost that an investigation has determined that data stolen by a rogue employee didn’t contain shareholder data. However, the company still hasn’t retrieved two USB drives containing company email and documents that outline some of Computershare’s closely held business plans.

The statement came in response to a Threatpost report on Tuesday concerning an ongoing legal effort by the Australia-based firm to retrieve thousands of stolen, confidential documents from a former employee of the company’s Canton, Massachusetts office. Computershare had warned in its complaint that data on “millions of shareholders” could potentially be at risk.

In an e-mail statement to Threatpost, Computershare senior marketing manager Jeff Stein said that, since filing an amended complaint against former employee Kathyann Pace in March, the company has completed an internal investigation that no client or shareholder data was compromised in the theft.

However, Computershare acknowledges that Pace, who worked as an internal auditor for the firm, absconded with information that could potentially be compromising to Computershare’s competitive position in the marketplace. That information included the results of internal audits, as well as operational details and plans for the company’s U.S. lines of business.

The case, which was filed in February, 2011, remains open, with Pace charged with violations of the U.S. Computer Fraud and Abuse Act. At issue is her refusal to return two USB drives that a forensic investigation by Computershare determined were used to store thousands of pages of company documents after they were copied from Pace’s work laptop.

Pace claims that she lost the USB drives, but Computershare’s analysis of Pace’s personal laptop suggests that she was in possession of them even while telling the company that she could not locate the drives.

Stein said that Computershare discovered the breach after an internal investigation, but that responsibility for the breach lies squarely with Pace.

“This incident did not involve a breakdown in company process or procedure but rather a breach of duty by one employee, acting outside well-known company policies and obligations under the terms of their employment,” Stein wrote.

“By moving swiftly against the employee and working through the court system, the company was able to protect its own confidential information,” he said.

The case and Computershare’s investigation of Pace’s activity continue, Stein wrote.

Attacks by rogue insiders are among the most damaging to firms and the most difficult to defend against. Studies have shown that most firms don’t have the ability to monitor information leaks from within their company.

 

Suggested articles

Discussion

  • Jose L Navarro on

    This type of incident should never have taken place since the technology exists to:

    a) Encrypt the data in USB keys

    b) Restrict access to USB ports

    Thing like this happend because people think it is never going to happen to them.

    Once the trust of you clients has been damaged, it could take years to rebuild.

  • Jose L Navarro on

    This type of incident should not have taken place, since the technology exists to:

    a) Encrypt the data in USB keys

    b) Restrict access to USB ports

    Things like this happen because people think it is never going to happen to them.

    Once the trust of you clients has been damaged, it could take years to rebuild.

  • Jose L Navarro on

    This type of incident should not have taken place, since the technology exists to:

    a) Encrypt the data in USB keys

    b) Restrict access to USB ports

    Things like this happen because people think it is never going to happen to them.

    Once the trust of you clients has been damaged, it could take years to rebuild.

  • Jack B. Day on

    "This incident did not involve a breakdown in company process or procedure but rather a breach of duty by one employee, acting outside well-known company policies and obligations under the terms of their employment,"

    Isn’t this the types of BS statements that usually come from people who don’t know a thing about what IT actually consist of and really doesn’t  care.   They usually just survive by making useless political statements that have little or no impact on the actual underlying subject/problem.  Users are becoming more sophisticated and knowledgeable of the workings of computer systems and have a greater expectation for what types and level of service they are provided.  When I see this type of response to a security breach, I just can’t help to think of cutbacks, layoffs, insufficient budgets, IT department downsizing. and yet this clown still has his a job.  Just saying. . .

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.