MySpace Fires Employee After Data Breach

[security curmudgeon <jericho () attrition org>]

http://www.switched.com/2009/04/18/myspace-fires-employee-after-data-breach/

MySpace Fires Employee After Data Breach
by Warren Riddle  Apr 18th 2009 at 8:03AM

MySpace employees experienced some unusual high and lows this week at 
work. On Monday, workers for the social networking site learned of a data 
breach orchestrated by a fellow employee, who collected names, Social 
Security numbers and compensation information of many of his co-workers. 
Fox Entertainment Group (the company that operates MySpace) sent e-mails 
to all employees alerting them to the incident, and assured them that no 
bank account or medical information was compromised.

Fox Entertainment promptly terminated the perpetrator; a departure from 
the typical MySpace and Facebook firing stories we often cover here at 
Switched. The internal e-mail, which was forwarded to TechCrunch, told 
employees that the thief used the acquired data to "annoy selected 
individuals," but did not send the information to any third parties. At 
least the thief didn't crash the company's server, as we've seen before.

In addition, MySpace employees received some slightly odd news via e-mail 
Wednesday evening: Southern California Edison power company had to shut 
down power to MySpace's Beverly Hills headquarters from 9 a.m. to 6 p.m. 
on Thursday. Employees were encouraged to grab their laptops and work from 
home the while the power was off. Since the e-mail went out after many 
workers had already gone home for the day, we're guessing many of them 
conveniently "missed" the part about grabbing their laptops. C'mon, 
everyone needs a day off! [From: Tech Crunch]


Original article contains the letter sent to employees:

http://www.techcrunch.com/2009/04/16/snow-day-employee-arrest-at-foxmyspace/

Sent: Monday, April 13, 2009 8:27 AM

[..]

Certain confidential employee information (including at least your name, 
social security number, and certain compensation information) was 
acquired..

[..]

> From what we have just learned, it appears the former employee first 
acquired the information in June 2008 (or possibly earlier).
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss