Data breaches are a serious issue affecting many businesses. Despite the security measures taken, data breaches and identity theft still happen, even to the personal data of employees. Data breaches not only cost a company time and money, but also affect public trust and confidence in it. Companies should therefore set up adequate strategies to respond to and manage data breaches properly.
An identity theft incident reported at UPMC (University of Pittsburgh Medical Center) has affected more than 27,000 of its employees, a recent report says. According to the report, at least 788 workers may have fallen victim to tax fraud, which is much more than the March estimate that 322 employees may have been affected. Data breaches expose important information such as names, home addresses, social security numbers, wage information, birth dates, bank accounts, and routing numbers. Fraudsters can use this information to file a phony income tax return in the victim’s name and claim a refund.
A similar case happened with Detroit employees, when personal identifying information of about 1,700 city employees was stolen. According to the report, the incident occurred when a city employee apparently clicked on a malicious software link in an email. The link released code that froze access to some files containing information such as the names, birth dates and social security numbers of present and former employees. Fortunately, it didn’t seem that the malicious code gained access to the information in the files.
Data breaches can happen accidentally or intentionally. Some of the major reasons why data breaches occur are:
- Loss or theft of data or equipment on which data is stored
- Inappropriate access controls allowing unauthorized use
- Human error
- Hacking attack
- Equipment failure
- ‘Blagging’ offences where information is obtained by deceiving the organization that holds it
How Data Breaches Can Be Avoided
Certain policies and procedures should be established to ensure the protection of personal data. As the first step, the team responsible should identify and list all types of personal data held (in various departments) within the organization. Risks associated with the storage, handling and protection of this data should be evaluated and security measures taken accordingly. Data breaches can be avoided to a certain extent by following these measures:
- Allow only authorized staff members to access personal data
- Avoid access to systems (containing such data) that are not in active use
- Provide password protection to files
- Educate staff members in security and fraud awareness
- Constantly monitor and review the existing system to ensure compliance with the security policy
Measures Taken by UPMC to Address Data Breach
UPMC has adopted some measures to address the issue of data breach.
- Published information for the employees on the company’s internal website
- Affected workers have been encouraged to enroll in an identity-theft protection service free of charge
- Advised the workers to alert the IRS and contact a credit bureau
- Hired a tax firm to help employees complete an IRS identity theft form
- Established a payroll system
- Will provide credit monitoring services to affected employees
- Will provide financial assistance, if required
- Offered to reimburse employees up to $400 to use their own accountants
An efficient document management system can reduce the risk of data breaches and protect sensitive employee information in an organization.