What is Considered an Insider Threat?
Insider threats are more destructive than any other type of fraud since the criminals are often in a unique position to hurt their employer. Whether they have access to sensitive customer data, trade secrets, or financial accounts, fraudsters decide to harm their employer for financial gain, revenge, or simply for fun. To protect yourself and your business from insider fraud, learning from insider fraud examples is a great place to start. Take a look at these seven recent insider fraud threat cases to see the types of attacks and the disastrous outcomes they can have for a business.
1. Capital One
Capital One used to host their data with the cloud hosting company Amazon Web Services. Paige Thompson, a former employee of AWS, took advantage of a misconfigured firewall to access 100 million credit card applications and accounts in 2019.
Thompson discovered the flaw, discussed it with her co-workers, and reportedly wrote about it on social media.
Capital One claims that it’s unlikely she used the data to commit fraud, but she was able to access personal information, including Social Security Numbers, Canadian Social Insurance Numbers, and bank account details.
2. Tesla
In 2018, a Tesla employee made unapproved changes to the code for the Tesla Manufacturing Operating System as Tesla was getting ready to ramp up its production for the Model 3.
This employee also leaked private data to outside sources. It seems that the employee wanted to get back at the company because of a promotion he didn’t receive.
3. Wells Fargo
The Wells Fargo scandal is one of the highest-profile insider fraud examples of the decade and shows how a company’s culture can foster unethical actions.
In 2016, Wells Fargo fired over 5,000 employees who created fake accounts to keep up with sales goals.
After a long investigation, it turned out that employees created 3.5 million bank and credit card accounts that customers didn’t apply for. They also charged unnecessary mortgage fees and sold products that customers didn’t need or didn’t understand.
4. Apple
Apple’s self-driving car program experienced two insider fraud examples over the course of a few months. In July 2018, an employee of the program stole data with the intent to share it with a Chinese company.
Apple found a similar threat in January 2019. An employee took pictures of a self-driving car prototype inside of a restricted work area and downloaded schematics and other sensitive data. The employee claimed that he wanted to go to China to visit his parents but had actually found a job with a Chinese firm.
5. JP Morgan
A JP Morgan analyst was charged with insider trading in 2015. The analyst gathered information about acquisitions and shared it with an accomplice who carried out trades on family and friends’ accounts.
JP Morgan was targeted by another insider threat around the same time with an employee who stole and sold customer data, including personally identifiable information, account numbers, and PINs.
6. Waymo
Some insider fraud examples are driven by direct financial gains or a desire to get back at an employer. The Waymo case is different since the fraudster had a long-term goal in mind.
Anthony Levandowski left Waymo, Google’s self-driving car project, to start his own company, Otto. Before leaving, he downloaded thousands of files from a Google server. His company was later obtained by Uber, likely with the stolen information.
Alphabet, Google’s parent company, received Uber shares as payment, and an agreement was signed so that Uber wouldn’t use the stolen trade secrets.
7. Allen & Hoshall
This insider fraud case makes a strong case for reviewing permissions regularly.
Jason Needham left Allen & Hoshall, a Memphis-based design firm, in 2013 to launch his own firm. However, he kept access to the company’s internal file-sharing system.
Over the years, Needham accessed project proposals, bids, schematics, and other sensitive information. He was charged in 2017 after a client noticed similarities between a pitch he received from Needham’s firm and wording used in Allen & Hoshall documents.
Learn from insider fraud examples and protect your business
These insider threat cases prove that insider fraud is a top security risk your business could face. A positive company culture that values accountability can go a long way in mitigating risks, but there are other steps you can take using technology like Fraud.net:
- Our end-to-end anti-fraud solution helps you develop safer workflows, improve accountability and turn risk management into a process.
- Our fraud solution allows you to create transaction and account audits to uncover suspicious activity and root out insider threats before they can cause more damage.
- Our identity verification solution prevents unapproved access to sensitive data.
- We offer monitoring services so you can track session activity and spot unusual behavior, such as a user downloading large amounts of data.
Building an environment with the right controls can help with insider fraud prevention.
Get started now and find out more about Fraud.net’s end-to-end anti-fraud solution and other tools you can leverage to mitigate insider threats.