The Ashley Madison data breach scandal is exploding because of the nature of the business, but technologically it is no different than any other breach scandal: some hackers found a way into a system, stole data, and then released it to the public. Okay, so that last part doesn’t always happen. In the case of most credit card data breaches, the information is auctioned off in the Dark Web.
For compliance officers, there’s an additional issue: insider information. It is unfortunate to find out that one of your traders’ Ashley Madison account has initiated divorce proceedings. Even worse, that trader may have used insider information to brag about his role in an important market movement. Or maybe your trader created one of those fake accounts and has been targeting traders at other banks to milk them for information. Essentially, any place where there could be interaction between people is a information security risk. And sites where people must keep mum are places where legitimacy must be won in ways other than outright bragging. This is the kind of situation that could easily lead to slip ups.
If your trader, or anyone else at your institution, has been found to be using Ashley Madison, now that their identity is assuredly exposed along with information they might have shared on their profiles or in messages, an investigation must be performed to make certain that nothing else has been leaked.
Do you have an account on Ashley Madison?
Shhh… I won’t tell…
About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and other clients manage investigations and regulatory responses.