The Ashley Madison Lesson – Part 2

People are, of course, focusing on the sensational aspect of the Ashley Madison data breach. But since this has really captured the attention of so many people, I should like to point out something about the data that was stolen and shared with the public (so far).

There is, of course, information about the members, their profiles, their login information, their credit card transactions, etc. But it also includes loan agreements, compensation records, corporate bank account information and corporate strategy plans, including domain registrations. Even if this was an isolated incident that had already been contained, the whole business is now at risk.

This data breach may now have breached the Chinese wall. A Chinese wall is an information wall that protects firms by blocking employees from accessing information about a client when their interests present a conflict. All the work that was done to create that wall must now be examined: the wall is still there, but this breach has served the information on a silver platter, with no effort needed by the employee. This isn’t to say that employees are trying to breach the Chinese wall, but they may do so inadvertently.

Some refresher notices and training should be developed to remind people about conflict-of-interest issues, including changes in policies and procedures being made to adapt to the post-AshMad world. There isn’t much more that can be done on the compliance front because the rest is a technology issue. Some new testing of controls might also be required, now that there has been a leak.


Do you have an account on Ashley Madison?
Shhh… I won’t tell…


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and other clients manage investigations and regulatory responses.



The Ashley Madison Lesson – Part 1

Ashley Madison Home Page Background

The Ashley Madison data breach scandal is exploding because of the nature of the business, but technologically it is no different from any other breach scandal: some hackers found a way into a system, stole data, and then released it to the public. Okay, so that last part doesn’t always happen. In the case of most credit card data breaches, the information is auctioned off on the dark web.

For compliance officers, there’s an additional issue: insider information. It is unfortunate to find out that one of your traders’ Ashley Madison accounts has set off divorce proceedings. Even worse, that trader may have used insider information to brag about his role in an important market movement. Or maybe your trader created one of those fake accounts and has been targeting traders at other banks to milk them for information. Essentially, any place where there could be interaction between people is an information security risk. And sites where people must keep mum are places where legitimacy must be won in ways other than outright bragging. This is the kind of situation that could easily lead to slip-ups.

If your trader, or anyone else at your institution, has been found to be using Ashley Madison, now that their identity is assuredly exposed along with information they might have shared on their profiles or in messages, an investigation must be performed to make certain that nothing else has been leaked.
