My work, my company Beazley, isn't mainly in the business of preventing breaches. Instead, and perhaps more relevant today, we're the people who help companies survive them. We've resolved over 1,000 cases in the last five years. Let me tell a few illustrative stories—and some interesting lessons to be learned.

An angry client broke into the offices of a large, prestigious law firm and stole all their hard drives. They had a great encryption system, powerful fire walls, all the latest data security software. None of that made a whit of difference; they were breached anyway.

A multi-state health provider sent a free wellness magazine to its older members. They loved it. But one month their printing system got the mailing labels wrong—each one contained not just the member's address but their patient ID as well—and those included their Social Security numbers.

Outside contractors remodeling an office disposed of some old file cabinets. Unfortunately, scores of old computer backup tapes were stored inside them. Did bad actors get hold of the data? Was anybody hurt? No, it was only an accident. But the company was, nevertheless, responsible. They had to search for the tapes in a landfill and notify thousands of customers.

Thieves posing as employees of a recycling company worked their way up the Eastern seaboard removing X-rays from hospital radiology labs. Their plan was to retrieve and sell the silver in the films. The problem was the X-rays were marked with patient data—names, addresses, dates of birth, and Social Security numbers. The crooks were not identity thieves. They weren't after the data. But thanks to HIPAA rules, the hospitals had to navigate around hefty fines.

A doctor was in the habit of motorcycling to work. One day his briefcase came open. He arrived safely at his office, but hundreds of patient records were scattered three miles behind him.

One company's security system was so complete that it guarded data against its own employees. Staff had to type in secret codes to get information using special terminals with security cameras watching everything over each one. An insider, however, was stealing employee identities. She stood behind friends while they looked up data and memorized the information.

Instant Insights /

Lessons Learned from 1,000 Data Breaches … and Counting

Related Stories

Recommended For You