Insider Data Breaches – Year So Far

Half of all data loss that occurs in companies, happens externally. It’s a figure that surprises many as the panic over data loss often exists around targeting and preventing the activity of cybercriminals. Often internal data breaches are accidental – one click too many, sending the wrong attachment, the list goes on. Internal data breaches can also be malicious, particularly when there is a financial reward to releasing the data involved. Sometimes it can be difficult to imagine what those breaches might look like so we have put together a list of just some of the insider data breaches this year so far, to give you a better idea:

Department of Health and Human Services, Maine

More than 2000 individuals who received foster care benefits were affected in this breach, when all of their personal details, including children’s details, were posted on a third-party website. The Maine Office of Information Technology reported that the potential breach happened as part of a system upgrade when a contractor posted information from to a third-party website not within the state system.

Tarte Cosmetics

It’s not often that the cosmetics industry specifically is called out about data loss protection. Generally, it’s industries such as healthcare and hospitality. But, Tarte Cosmetics’ breach could not be ignored with a massive 2,000,000 customers affected by an internal data breach of their personal information including email addresses, phone numbers, physical addresses and parts of their credit card number.

Arkansas Department of Medicaid

Arkansas Department of Medicaid reported that 26,000 Medicaid recipients’ personal information was breached when a former analyst sent the information to her home email address a day before she was fired for an unrelated matter.


Originally known as Time Warner Cable, in September this year, this company saw 4,000,000 of its customer records breached internally, including login credentials. The breach occurred because of a breakdown in security around the cloud-based computing they were using and the provider it was connected to.

South Washington County School District

Possibly one of the most concerning breaches of all this year, due to the potential for harm it could have caused was one which came from a South Washington School District. While there were only 9,600 files breached, the information was about children, specifically grades, ID numbers, and, concerningly, bus routes, pick-up and drop-off times and locations. Officials are calling it an “inadvertent employee error.”

Inadvertent employee errors are a reality these days. In the United States, there has been estimated to be well over 1.5 million internal data breaches, just in 2017. Sometimes these can be on purpose, but they can also be a completely harmless mistake that was in no way intended. The good news is that there are sophisticated data loss prevention strategies, plans and technology out there that can be implemented, in order to protect this from happening. It’s crucial that employees are onboard with rolling out this implementation, so knowledge about the very real nature of internal data breaches can be helpful in getting them on board.