Corporate Email Risk – Email forward to user’s Personal Email resulted in serious theft of sensitive PII data

A breach was detected at a Not-For-Profit (NFP) organization involving highly sensitive financial information of high-net-worth donors. On his last day, a Business Development Executive who had resigned sent an Excel file containing donors’ banking details to his personal email. He used his corporate email, believing the action wouldn’t be flagged as risky since he had previously used the same email to correspond with colleagues about the file.

However, GuardWare INSIGHT flagged the incident. The software’s AI detected the email forward to a personal account and scanned the attached file, identifying the sensitive content. The IT team took immediate action, contacting the individual and instructing him to delete the file. Given the sensitivity of the exposed data, the NFP reported the incident to the Office of the Australian Information Commissioner (OAIC).

The Australian Information Commissioner personally contacted the individual to confirm the data was deleted, warning that he could be held responsible if the data were to be made public. The Commissioner commended the NFP for their swift detection and response to the incident.
