Saydel Independent School District: Insider Threat via Offboarding Failure

A former Senior IT Support Specialist, Ezekiel Dean Potter, executed an 18-month cyber sabotage campaign against the Saydel Independent School District after his termination in April 2023. The attacker leveraged retained administrative credentials that were not revoked during the offboarding process to gain unauthorized access to district systems. This persistence enabled the deletion of critical user accounts and the disruption of classroom operational telemetry. The breach resulted in tens of thousands of dollars in financial losses and culminated in a 21-month federal prison sentence following a forensic audit of authentication logs and system telemetry.

Schiphol Airport Cargo Handling Data Exfiltration Incident

A privileged insider at a cargo handling facility within the Schiphol Airport ecosystem abused legitimate system credentials to exfiltrate sensitive logistical metadata, providing organized narcotics trafficking networks with high-fidelity intelligence to bypass customs and security screenings. The threat actor, a 24-year-old employee, performed unauthorized queries of internal cargo management systems to identify shipment manifests, container IDs, and real-time movement status, effectively creating an intelligence layer for the physical smuggling of contraband. This incident highlights a critical failure in the enforcement of the Principle of Least Privilege (PoLP) and the absence of User and Entity Behavior Analytics (UEBA) capable of detecting anomalous query patterns by trusted identities. The breach was neutralized following an investigation by the Royal Netherlands Marechaussee (KMar), which resulted in the suspect's arrest on May 19, 2026.

Agentic AI as a Non-Human Insider Threat

The transition from passive LLMs to autonomous Agentic AI introduces a new class of non-human insider threats. By leveraging delegated permissions and tool-calling capabilities, these agents can be manipulated via Indirect Prompt Injection or exploited through over-privileged service accounts. This enables automated data exfiltration and privilege escalation that bypass traditional User and Entity Behavior Analytics (UEBA). The risk is compounded by the ability of autonomous agents to execute thousands of API calls per second, drastically increasing the velocity of data loss and complicating forensic attribution within enterprise SaaS and API ecosystems.

ICO Secures £355K Confiscation Order in Motor Insurance Insider Threat Case

The Information Commissioner's Office (ICO) has successfully secured a £355,880.10 confiscation order against Rizwan Manjra, a former motor insurance employee convicted of unauthorized theft of sensitive personal data. Manjra abused legitimate credentials to exfiltrate "car crash" PII, bypassing standard security protocols to exploit highly sensitive customer information for illicit gain. This enforcement action, executed under the Proceeds of Crime Act, marks a significant escalation in the ICO's strategy to strip perpetrators of financial profits derived from data crimes (Databreaches.net).