This was a big one as they got 5 years worth of records in one shot covering hundreds of employees. They got in and the city had no clue until it was way to late.
Really starting to think that anyone who has personal information of customers or employees should be required to keep information that isn't required for day to day activities in an air gaped storage. Then this data should only be able to be called up with a human to verify that they are giving it to someone that is allowed to have it.
Yes the costs would increase, but the long term security benefits to your customers would be a big benefit. That benefit would draw certain customers who are willing to pay a premium for their privacy being protected.
Great idea - I have been thinking something similar recently that there needs to be more human contact in security issues. As in th eold days in banks for example, the bank clerks knew customers faces, families etc. Today we are alla number and no one know Jack from Jane. A psychopaths dream
We bank with a smaller local bank and they know me when I walk in. Been with them for 12 years now. A couple years ago they got bought out by a larger small bank and I was worried. But they kept on the same staff so it hasn't changed much except how long it takes them to find my account number for me. Love feeling like an important customer and probably give up some features other larger banks offer....but honestly I wouldn't use those features anyways.