By Warwick Ashford, Security Editor, 11 Mar 2016, ComputerWeekly

UK communications regulator Ofcom has revealed that a former employee offered stolen, commercially sensitive information to his new employer, highlighting the insider threat.

The man’s new employer, a major broadcaster, declined the offer and alerted Ofcom that its former employee had downloaded up to six years’ worth of data while still at the regulator, according to the Guardian.

The data had been provided by TV broadcasters to Ofcom and could have been used by rivals to gain a competitive edge.

Ofcom has alerted all the TV companies that were affected by the breach – the biggest known breach in the regulator’s history.

“This was a breach of the former employee’s statutory duty under the Communications Act and a breach of the contract with Ofcom,” the regulator said in a statement.

“Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner,” the regulator said, adding that the extent of the disclosure had been “limited” and “contained”.

Security industry commentators say the breach underlines the need for organisations to take seriously the threat of insiders wittingly or unwittingly leaking commercially sensitive data.

“Spotting cyber security incidents that arise from within a company can be particularly tricky, as the perpetrator may have legitimate access to sensitive data,” said Luke Brown, vice-president and general manager for Europe at security firm Digital Guardian.

“This breach shows that regardless of any defensive perimeter security, without taking steps to secure the data itself, organisations can still fall victim to a significant data breach.”