Four Examples of Data-Loss Prevention Gone Wrong

It is not uncommon today to come across media headlines decrying the massive loss of data in a private company or government department. These data breaches have far-reaching consequences for both these organizations and their customers. Often, private information gets into the wrong hands and can end up hurting many people.

Not long ago, the primary concern of IT departments was to protect data from outside threats such as hackers and viruses. However, today, internal threats take up much of these departments’ time and energy, mainly due to the proliferation of web-based applications. In addition, insider threats remain largely undetected because sensitive information comes in and leaves the company on a daily basis through emails, file transfers, webmail and social media.

Needless to say, any data loss can cause significant problems for the company. Loss of sensitive information can wreak havoc on a company’s reputation and financial position due to the cost required to fix the mess. No wonder it is estimated that 70% of SMBs that experience a significant data loss collapse within a year. Additionally, no company or organization is immune to data loss.

Let’s now take a look at some real-life examples of data loss prevention gone wrong. Luckily, these companies detected data-breach incidents early enough to fix the mess before they suffered any major loss. However, all those who act when it is too late may not be as lucky. That’s why some companies never recover due to negative PR, legal fees, regulatory fines and loss of consumer confidence.

AMAG Pharmaceuticals

AMAG is a pharmaceutical company based in Boston that employs over 300 people. It is heavily regulated, as expected of any company dealing in health and pharmaceutical products. It lost data when an HR folder that had not synced correctly was moved in Google Drive. Consequently, all files in the folder disappeared, including many that did not belong to the person moving the folder. The employee ransacked the trash and recycle bins, but the data had already been lost. Fortunately, AMAG had backup software that allowed them to restore all of the files. Without the backup software, AMAG would have been in serious trouble with the regulators.

Bartle Bogle Hegarty

Bartle Bogle Hegarty (BBH) is a leading marketing agency based in London. It has over 1,000 employees and volunteers. It works with some of the biggest brands in the world. Their data-loss story was a result of someone trying to help by cleaning up a client’s folder. As a result, more than 1,000 folders and files were lost, even those that didn’t originally belong to the user. The “helpful employee” checked both the trash and recycle bins, but the data had already been lost. These examples show that although employees are critical to the success of your business, they also pose the biggest threat to the security and safety of your company. BBH used backup software to salvage what they could, but the metadata was already gone. Knowing where sensitive information is stored and who is accessing it is a fundamental component of any data-loss prevention (DLP) strategy.

Alzheimer’s Association

You may have heard of the Alzheimer’s Association and their great mission to eradicate this disease. With over 2,800 employees and volunteers, the charity is engaged in care, support and research to combat Alzheimer’s disease. The organization suffered massive data loss caused by a departing employee who deleted all his emails on his way out. It is unclear whether the employee was trying to be helpful or was erasing his digital footprint in the company, but his actions had dire consequences. Among the emails deleted were those that were part of a major fundraising drive. This would be a huge blow to any charity because it means loss of contact information and pledges made.

Ashley Madison

Ashley Madison, a leading infidelity and married dating site with over 40 million users, suffered arguably the biggest data breach ever recorded. Crucial personal information, such as credit card information, names and contact information, was exposed. This violation was primarily seen as an inside job.