A bank's failure to disable former employee accounts allowed them to retain network access after a layoff
Incident Date: 2001 (or prior)
According to a CEO of a security company, a merchant bank failed to take proper security precautions after laying of 5,000 employees. The bank failed to deactivate the former employees’ passwords when they were terminated. Research revealed that 40% of the ex-employees had entered the bank’s network even after the layoff. The CEO reports that the bank personnel capable of disabling the accounts simply had not been educated to follow the procedure during terminations.
Title: Making Security a User Issue
Author: Mark Street
Publication: IT Week
Publication Location: USA
Publication URL: http://www.pentasafe.com/news/itweekdougerwininterview.pdf
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.