Here we have a good lesson in file security from Las Vegas' Palms casino: The IT department reported that on April 14, Hemingway had emailed from her Palms email address to a personal email address extensive amounts of Palms data from a system called the ''Super Playmate'' database, including:
- The ''Palms’ High Worth Customer List,'' containing data on 86 of the property’s largest customers with $11.7 million in play history. This included their play records and credit amounts.
- A telemarketing list naming 419 more ''high worth customers'' with a combined credit line of more than $12 million.
- A February slot tournament list with information on 1,050 players.
- A list with information on 6,000 players who qualified for invitation to the Palms 2012 Super Bowl party.
- A list of 4,000-5,000 inactive players.
- A 2011 marketing document covering the property’s entire special events and marketing campaign for out-of-town customers.
- The Palms said this information wasn’t readily available to Hemingway and that she had no authority or reason to possess it.
Both file and database breaches often show some similar characteristics that security teams should note:
- Proper access rights reviews were not occurring. Think back to Manning's access of Hillary's files that enabled WikiLeaks.
- Security policies to layer additional access controls could have blocked or at least alerted on the activity.