Everything has a value.
That value is equal to what someone will pay for it.
And personal data is a particularly enticing prospect.
Especially when that personal data is financial in nature, such as credit union customer details.
Just imagine how much that would be worth to another credit union, other financial institutions, or an identity thief.
Or, as the Irish Independent reports, a rogue private investigator from Scotland.
The online news story explains how the agent skipped out of Ireland when faced with a possible prosecution over data stolen from the Department of Social Protection.
Following a lengthy investigation by Assistant Data Protection Commissioner Tony Delaney, it appears as though the unnamed individual had hoovered up names and addresses which he then allegedly sold onto competing credit unions who, if true, could have found great value in such data no doubt.
The private investigator, who is said to have sold the personal information for not inconsiderate fees, was initially employed by the credit unions to track down bad debtors who had defaulted on their agreements.
However, the Independent says the investigator sensed his time was up and chose to leave his Dublin address for an alternative legal jurisdiction: the UK.
Furthermore, it appears the investigator took his stash of allegedly stolen personal information with him, prompting Delaney to share details of his investigation with his opposite numbers in Blighty.
Of course the accused’s new domicile does carry certain advantages in this case. If he is indeed guilty, the Irish authorities will be unable to effect a prosecution while he resides in Britain.
A spokeswoman for the Department of Social Protection said:
Every effort is made to ensure that personal customer data is used solely for business purposes and that it is not compromised in any way. The department assists the Office of the Data Protection Commissioner in all cases of suspected data breaches under investigation and puts substantial resources in place to deal with these.
Perhaps with one eye on a past in which private investigators were discovered to have been using social engineering to obtain people’s personal data on behalf more than 100 credit unions, the spokeswoman reiterated how the department had strong data protection and information security policies in place.
Whether that is equally true in this particular case or not I do not know as further details are unavailable but it does highlight how data has a cost.
Not only has a private investigator allegedly raked in the cash from selling information, credit unions have just as allegedly benefited from it too.
Then there is the cost associated with investigating the data theft and any fines that may, or may not, ensue.
And finally there is the cost to the people who’s data has apparently been sold on. Not so much a financial cost – they appear to owe money according to a legally binding agreement – but the human cost associated with having their private data accessed by an unauthorised individual. Who knows who it was sold to and to what purpose it will be put?
What are you doing to protect the personal data and other information within your organisation?