Ofcom has acknowledged a major data breach after a former staff member took key information, but has denied that the employee attempted to give it to the media organisation they had joined.
An employee at the media company that was offered the information alerted the telecoms regulator to the incident, prompting a quick response.
"On 26 February we became aware of an incident involving the misuse of third-party data by a former Ofcom employee. This was a breach of the former employee's statutory duty under The Communications Act and a breach of the contract with Ofcom," Ofcom said in a statement.
"Ofcom takes the protection of data extremely seriously, and we are very disappointed that a former employee has chosen to act in this manner. The extent of the disclosure was limited and has been contained, and we have taken urgent steps to inform all parties."
The incident obviously reflects badly on Ofcom and its privacy precautions and underlines the risk to data posed by staff and ex-employees, as Mark Bower, global director of product management at HPE Security, explained.
"This event illustrates that a strong network perimeter just isn't enough. Perimeter security is similar to a fence around a house, but what if someone inside the house is the thief?" he said.
"Today it's imperative that organisations adopt a data-centric security approach that defends the data itself, typically by encryption or tokenisation.
"This ensures that, no matter where the data resides, if a hacker gets it, or in this case an employee who is granted legitimate access, the data is protected and isn't useful. This ability to render data useless if lost or stolen is an essential benefit to ensure that data remains secure."
Has Samsung cracked the converged desktop where Microsoft Continuum failed?
IBM software case reminiscent of TSMC trade secrets theft claim
iPhone 8 specs, release date, price, features, basically everything! But will it have a curved display?