Data Leaks - points of evidence
Posted on 2011-05-09
How would you go about proving or disproving this kind of scenario that’s cropped up? Our company collects certain data for a specific “scheme” (let’s call it scheme x for confidentiality purposes) for members of the public. It collects basic name, address, contact number and email address.
Someone has raised a complaint that they feel their email address collected for this scheme (x) has been leaked or extracted from the app/database by a member of staff. The reason they feel it has been leaked is that they have received a similar email for a different scheme from somebody who, in their part time, works for this other scheme (scheme y), as well as for our company (full time) that collects this data (scheme x). The person raising the complaint said there is no other way that they know of that this person would have their email address. So therefore the assumption is that this person who runs scheme y in their spare time has downloaded a list of scheme x users and personal details and promoted scheme y to these users (albeit nobody else has complained as yet). Scheme x collects data via post (paper form) or email to a group scheme x type mailbox.
The front end GUI application to this backend database is accessible to over 60 members of staff via username/password credentials. Therefore there could potentially be 60 offenders. An added complication is that the chief suspect has been off on the sick for some while, which opens up the possibility that someone could have got the data on his behalf. The application itself is developed, I think, in Java; it isn’t accessed with a browser, so I have no idea what protocols are used to log in, download data, etc. It’s a SQL Server 2005 database but only sys admins have access to the backend; all others access it through a managed GUI application front end.
Where would you start with such an issue? Aside from getting a forensics guy to image 60 PCs?
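One place to start before imaging 60 machines is whatever audit trail the GUI application or the database keeps: who viewed the complainant's record, who ran bulk exports, and whether the chief suspect's account was active while he was off sick (which would point to shared credentials rather than the account holder). The script below is an added example, not code from the original post or from the application described; it assumes a hypothetical application audit log of the form `<ISO timestamp> <username> <action> [rows=<n>] [record=<id>]`, and all usernames, dates, record ids and the absence window are constructed sample data.

```python
"""Narrowing an insider data-leak investigation from application audit logs.

Added example, not part of the original post. Assumes a (hypothetical)
audit log with one line per action:
    <ISO timestamp> <username> <action> [rows=<n>] [record=<id>]
Actions: LOGIN, VIEW (one record), EXPORT (bulk download).
"""
from collections import defaultdict
from datetime import date, datetime

# Constructed sample log lines (hypothetical usernames, dates and record ids).
SAMPLE_LOG = """\
2011-04-01T09:02:11 jsmith LOGIN
2011-04-01T09:05:40 jsmith VIEW record=10441
2011-04-01T10:17:03 abrown LOGIN
2011-04-01T10:20:55 abrown EXPORT rows=3120
2011-04-04T08:55:12 cjones LOGIN
2011-04-04T09:01:30 cjones VIEW record=10441
2011-04-06T14:12:09 abrown LOGIN
2011-04-06T14:15:44 abrown VIEW record=10441
2011-04-11T16:40:00 dwhite LOGIN
2011-04-11T16:42:17 dwhite EXPORT rows=2980
2011-04-12T11:03:28 jsmith LOGIN
2011-04-12T11:06:51 jsmith VIEW record=20077
"""

# Constructed HR absence record: the account holder was recorded off sick in
# this window, so activity on the account then suggests borrowed credentials.
ABSENCE = {"dwhite": (date(2011, 4, 8), date(2011, 4, 20))}


def parse_log(text):
    """Parse log lines into dicts with ts, user, action and any key=value fields."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ev = {"ts": datetime.fromisoformat(parts[0]),
              "user": parts[1], "action": parts[2]}
        for kv in parts[3:]:
            key, _, val = kv.partition("=")
            ev[key] = int(val)
        events.append(ev)
    return events


def bulk_exports(events, min_rows=1000):
    """(user, timestamp, rows) for every EXPORT of at least min_rows rows."""
    return [(e["user"], e["ts"], e["rows"]) for e in events
            if e["action"] == "EXPORT" and e.get("rows", 0) >= min_rows]


def users_who_touched_record(events, record_id, min_rows=1000):
    """Accounts that could have obtained the complainant's record: a direct
    VIEW of it, or a bulk EXPORT (assumed here to cover the whole table)."""
    users = set()
    for e in events:
        if e["action"] == "VIEW" and e.get("record") == record_id:
            users.add(e["user"])
        elif e["action"] == "EXPORT" and e.get("rows", 0) >= min_rows:
            users.add(e["user"])
    return users


def activity_during_absence(events, absences):
    """Events on an account while its holder was recorded as absent."""
    hits = []
    for e in events:
        window = absences.get(e["user"])
        if window and window[0] <= e["ts"].date() <= window[1]:
            hits.append(e)
    return hits


def rank_candidates(events, record_id, absences, min_rows=1000):
    """Score each account: +1 for any access path to the record, +1 more for a
    bulk export (it yields the whole list), +2 if the account was used while
    its holder was absent. Returns (user, score) sorted by score descending."""
    score = defaultdict(int)
    for user in users_who_touched_record(events, record_id, min_rows):
        score[user] += 1
    for user, _, _ in bulk_exports(events, min_rows):
        score[user] += 1
    for user in {e["user"] for e in activity_during_absence(events, absences)}:
        score[user] += 2
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for user, score in rank_candidates(evs, 10441, ABSENCE):
        print(f"{user:8} score={score}")
```

The output is a shortlist, not proof: a ranked set of accounts whose log entries are worth pairing with HR records and, only then, with targeted forensic imaging of a handful of PCs rather than all 60. If the application keeps no such log, the same logic applies to whatever the database server does record.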