The Boeing Breach: How an Employee Slip-Up Cost Colleagues

How would you feel knowing that an employee shared private information of vital importance about your organization with an outsider? Well that's exactly what happened to Boeing in November 2016.

Below we will discuss the recent Boeing data breach, what you can learn from the incident and how cyber liability insurance coverage from CyberPolicy can protect your business in the event of a similar slip up.

A Boeing Problem
So what exactly happened to Boeing? According to Threat Post, an employee at the company sent a spreadsheet containing personal information on his 36,000 coworkers to his spouse, who does not work at the company.

The file contained all sorts of sensitive information including: names, places of birth, corporate ID numbers, dates of birth and social security numbers (although some of this information was hidden).

According to a letter sent by Boeing's Deputy Chief Privacy Office Marie E. Olsen to Washington state's attorney general, the breach was discovered in mid-January. However, it wasn't disclosed to employees until February 8th. Boeing is said to have destroyed the spreadsheet on the husband and wife's computers, carried out a forensic examination and offered its employees two years' access to a free identity theft protection service.

"We have notified all affected parties about the incident. We believe it is contained and the risk of harm is very low," Boeing said in a statement.

This is a prime example of employee negligence which, incidentally, is the root cause of most cybersecurity incidents. So, what can we learn from Boeing's example?

From the information available, it appears as if Boeing did the right thing. They assessed the threat and responded in a timely matter. It's important to realize that this situation could just as easily happen to your company, so here are a few tips.

  • Never share sensitive information outside of your organization. Saving or transferring data outside of a corporate firewall or to an unfamiliar device creates problems for IT teams since they cannot see or defend these security gaps.
  • Conceal sensitive information whenever possible. The popular file-sharing service Dropbox experienced a similar breach in July 2012 when an employee shared information from 68 million accounts with a spoofer. This data stolen included emails and passwords. If you are storing such crucial information in a spreadsheet, be sure to hash and salt passwords and social security numbers.
  • Notify the affected parties. Your employees, partners, clients and customers have a right to know when their data has been compromised. Investigate the cause and consequences so you can best communicate the incident and next steps to your audience.
  • Alert the proper authorities. Forty-seven states have legislation requiring companies to disclose breaches of personally identifiable information.

At the time this article was written, Boeing has not experienced any especially damning effects from their data breach. Rather this incident is more of a blemish on their reputation. But that isn't always the case. Cyberattacks and data breaches have greatly reduced customer confidence, lead to class-action lawsuits and sunk companies for good.

Don't let this happen to your small business. Invest in cyber liability insurance coverage from CyberPolicy today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375