A Real Life Example
“I worked as a senior human resources manager for a foreign bank. An employee came to my office and told me that someone had applied for credit cards in his name using stolen information.
I took a report down, but since I was in charge of the payroll and other critical data, I didn’t think much of it. It wasn’t unusual for staff members to let me know if their banking details had changed or if their bank account had been compromised.
I could then confirm that there were no problems with their deposits. But a week later, when a different employee approached me with the identical issue, my suspicions were raised.
I became aware of something by the third worker. Because it’s too coincidental for three employees to experience identity theft within a three-week period, I realized we had an inside issue.
I tried to understand what was happening with the help of my employees, but we had no luck.
The Solution
After a few weeks, we contracted with a fraud-focused investigative firm. They came to my office and asked for the names, pictures, and addresses of every person who has ever accessed our personnel data, so I provided them a list of 15 to 20 people.
They returned the following week with the postmaster general and armed postal police personnel. They said, “Who is this person,” as they sat down, put the list in front of me, and pointed to a name.
Oh, he’s temporarily in our file room, I answered. “Bring him in,” they ordered. After I brought him into my office, it took less than five minutes for the man to be handcuffed.
I found it hard to believe. I was stunned. He was a temp worker that we had employed through a third party company to work in our file room.
The personal files of 3,000 employees quickly accumulated, so we recruited him to organize each employee’s files, add information to them, and store them.
He was, however, accessing these files, obtaining everyone’s information, including their social security numbers. The man was already being looked into by the post office for additional credit card fraud connected to a certain address.
They were therefore able to quickly identify him when they saw his name on our list. He originally denied being the offender when he entered my office. He ultimately acknowledged, nevertheless, that his friend had persuaded him to steal the material from his coworkers.
He and his companion were naive enough to obtain credit cards through fraudulent registration and have them delivered to their residence. The postmaster noticed that address on our list, and it was that one.
This was such a disaster for the employees who had their identities stolen. Some of them struggled to find a solution for more than a year.
Since I recruited the temporary worker and this occurred under my supervision, I also felt somewhat accountable. In terms of assistance, I did my best.