0

An employee of the Northern Trust Bank in Naples, California apparently stole a number of bank owned computers which he then either sold to his co-workers, pawned or auctioned off on eBay. The 34 year old man pleaded to a felony fraud charge and sentencing has been deferred until it is determined how much of the $40,000 worth of theft is reimbursed to his now former employers as part of a good faith bargain. He could face less than 36 months imprisonment thanks to the plea, which is not bad considering that the charge actually carried up to 30 years if he had taken his chances with a jury.Brian E. Helton has admitted to stealing up to 15 pieces of computer equipment, according to reports.

According to the Collier County Sheriff’s Department report one employee paid $416 for a laptop, another got a flat screen monitor for $152. A third, and one has to assume none too savvy employee, bought a flat screen monitor for $618 while a fourth took both a computer and flat screen for $756. An eBay auction raised $1250 for a laser printer, although according to the report Helton made a mistake and sent him two printers for the money.

As Mark Fullbrook, Director of data security outfit Cyber-Ark, told me: "This case illustrates that good old employee theft is yet another security risk facing organizations. In the case of the 34-year-old bank employee, the fact that up to 15 bank PCs have gone missing almost certainly means that bank customer and/or employee data has gone too. Usually it's the laptops that get stolen, but this time around it's the desktops at the bank that have been stolen. This illustrates the need to adopt a data encryption rule for all personal data held on computers in an organization, and not just for laptops. The US is a highly litigious country and the bank could yet see a class action lawsuit, even if the data is not used for fraud. If I were a Northern Trust Bank director, I'd be more than a little worried about this case."

3
Contributors
3
Replies
4
Views
9 Years
Discussion Span
Last Post by jbennet
0

the computers most likwly dont hold any sensitive detail. Usually they are thin client or server based

0

you've apparently never worked in banking...
The computers themselves are sensitive. If it works like the banks I worked for the server will allow network connections based on which hardware is connecting.
Have the right computer and you can get onto the network, without it you can't.

Of course there's still user level security as well, but with each of those systems the first security barrier is already breached for intruders, making it that much easier for them to get into the banking systems.

We had such a case about a decade ago. Major burglary at a branch office, all the workstations were stolen.
We went into overdrive not just getting that office back up and running, but also killing the authentication for all the old workstations to prevent intruders from using them.

That's why banks don't generally sell their old hardware on the second hand market. It gets shredded and burned.
Literally shredded and burned, we had a shredder in the basement of one building where harddisks, CPUs, network cards, and motherboards were turned into confetti sized chunks before being sent off to the incinerator for total annihillation.
Only printers and screens were kept or sold, and some small parts like cables and floppy disk drives which were retained as spares.

0

oh right i didnt realise that

in my work (retail) we use thin client systems - they network boot the epos software and data is not stored locally, instead they are in communication with a server at head office.


i would have thaught banks used then same thing?

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.