Famous Insider Threat Cases

Insider threats are the biggest security risk for organizations because they can cause the most destruction. From taking advantage of privileged access to stealing company data – sometimes the biggest and worst threats to a company’s security program is right under its nose. There are so many Insider Threat Personas and we are sharing famous insider threat cases to expose the serious risk of insider cyber attacks.

Insider Threat Case #1: Former Tesla Employees Leaked Thousands of Personal Records to German News Outlet (2023)

Two former Tesla employees leaked the names, addresses, phone numbers and email addresses of 75,735 current and former employees to a German newspaper. Tesla data privacy officer Steven Elentukh said the company learned of the breach on May 10, 2023 from German news outlet Handelsblatt. An internal investigation identified the former employees as the source.

This incident highlights the increasing role that former and current employees play in undermining corporate security protocols. Malicious insiders will expose company data and IP for money, revenge or infamy.

Insider Threat Case #2: General Electric Employees Stole Trade Secrets to Gain a Business Advantage (2020)

In this famous insider threat case, two General Electric (GE) employees downloaded thousands of files with trade secrets from company servers.  They then uploaded the files to the cloud or sent them to private email addresses.  In addition, they convinced a system administrator to grant them inappropriate access to sensitive corporate data.

What happened next?  One of the employees started a new company with stolen intellectual property on advanced computer models used to expertly calibrate turbines used in power plants.  That company then competed with GE in tenders for calibrating turbines and submitted much lower bids than GE.

Not surprisingly, GE lost several several bids for turbine calibration to this new lower priced competitor.  When GE discovered that the company had been founded by their prior employee, they reported the incident to the FBI.  The FBI investigated this crime for several years, and in 2020 both malicious insiders were convicted and sent to prison.  They were fined $1.4 million in restitution to General Electric.

Here’s the issue: none of these malicious insider threat actions triggered a response from GE’s cybersecurity system.  Deploying Gurucul User and Entity Behavior Analytics would have enabled GE to detect and stop this particular instance of intellectual property theft in real-time.

Insider Threat Case #3: Capital One Data Breach Carried Out by a Single Insider (2019)

She was a former software engineer for Amazon Web Services, a cloud hosting company that Capital One was using. Taking advantage of a misconfigured web application firewall, the hacker accessed more than 100 million customers’ accounts and credit card applications. The company has since fixed the vulnerability and stated that “no credit card account numbers or log-in credentials were compromised”.

This famous insider threat case is particularly interesting because the hacker wasn’t concerned about hiding her identity. She shared her method of hacking into Capital One with colleagues on a chat service called Slack. Additionally, she posted the information on GitHub (using her full name) and bragged on social media about it too. This kind of behavior is a phenomenon psychologists call “leakage” where insiders who plot to do damage reveal their plans.

The hacker was arrested and charged with one count of computer fraud and abuse. Capital One expects the breach to cost up to $150 million.

Insider Threat Case #4: Disgruntled Employee at Tesla Changes Code, Exfiltrates Data (2018)

Again we see Telsa in the headlines for insider threat activity. Certainly, this insider threat case could have been avoided. But the electric car company neglected to put limits on the level of privileged access given to employees. It draws attention to the importance of having a security program that monitors user behavior to detect and prevent security incidents.

According to Tesla CEO Elon Musk, the saboteur used his insider access to make “direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties.”

Insider Threat Case #5: Anthem’s Account Compromise Breach of Personally Identifiable Information (2015)

A phishing email gave hackers administrative access to Anthem’s health insurance company’s database, exposing of 78.8 million records of personal identification information. Records stolen contained medical ID’s, social security numbers, addresses, employment history, income data, etc. They were sold on the dark web. The hackers had administrative access for over a month.

The breach was discovered by a database administrator who noticed a suspicious database query running using his credentials. Then, he found out other credentials had been compromised.

The hackers sent employees phishing emails containing links to malware. Once clicked, the malware was installed, thus giving the hackers a backdoor to the database. They were able to access it remotely from their command and control server.

In 2017, Anthem agreed to pay $115 million to settle a class action lawsuit over the data beach. (Triumphing over the $18.5 million Target agreed to pay after being breached in 2013. Hackers gained access to 41 million customer payment card accounts).

Insider Threat Case #6: Target Data Breach Affects 41 Million Consumers (2013)

More than 41 million of the retail giant’s customer payment card accounts were breached in 2013. Hackers gained access to Target’s computer systems through stolen credentials from a third-party vendor. Four years later, Target agreed to pay $18.5 million in a multi-state settlement – the largest ever (up until that date) for a data breach.

In this famous insider threat case, the attackers gained access to Target’s customer service database and installed malware on the system. Hackers collected sensitive data like full names, phone numbers, email addresses, payment card numbers, credit card verification codes, and other customer data.

What Can We Learn from these Famous Insider Threat Cases?

In short, a weak insider threat program can have devastating consequences. That’s why we emphasize the importance of having a reliable insider threat detection tool, like Gurucul User and Entity Behavior Analytics (UEBA), to monitor your organization’s internal activities. Our powerful UEBA product leverages machine learning on open choice big data to predict unknown threats.

“Even progressive companies that can afford the best cyber-security protection can be taken down by one malicious insider,” says Gurucul CEO Saryu Nayyar.

Does your organization want to end up on the list of famous insider threat cases? We didn’t think so. Contact us today and learn why so many companies choose Gurucul for their insider threat detection needs.

Read Our Whitepaper

Learn more about how to stop the insider threat by downloading the whitepaper Uncover Insider Threats Through Predictive Security Analytics.