The New York City Police Department (NYPD) is in the process of notifying around 80,000 active and retired police officers that their personal information has been compromised. One employee from the New York City Police Pension Fund (NYCPPF) has been arrested for stealing tapes containing the records.

According to the New York Post, on February 21, Anthony Bonelli, 46, who was at the time employed as the PPF's director of communications, succeeded in sneaking past one of the guards of the Disaster Recovery Site, where the fund's data backups were being kept. Once inside, Bonelli turned off the security cameras and extracted several tapes containing sensitive information about police officials.

A sample letter (PDF) from PPF's website specifies that "These business records contained data about retired and active members of the Police Pension Fund, specifically, data that may have included personal information such as social security numbers, names, addresses and bank account data."

Police officers along with IT specialists descended on Bonelli's house on February 27, after the incident was discovered. There, they found the missing data tapes and proceeded to arresting the suspect. The director is said to have raised suspicions at work through various comments that he made.

The notification letter points out that only employees hired before May 2007 have been potentially affected by this incident, and stresses that "Undercover identities and undercover information WAS NOT compromised, as their data is not maintained at the DRS."

According to data protection laws, the fund offered free credit monitoring services for one year with Equifax Credit to the victims of this security breach. It is also being pointed out that data stored after May 2007 is encrypted, something that is rarely seen with such incidents.

Because Anthony Bonelli did not have authorization to be in Disaster Recovery Site, in addition to grand larceny, he has been charged with trespassing and burglary. The judge has set bail to $2 million.

Some studies and surveys have revealed that some of the biggest security threats that companies are facing come from disgruntled or negligent employees. We have previously reported several such incidents, the latest of which involves a rogue system administrator from the Fannie Mae mortgage giant, who planted a computer time bomb that was set to erase all the financial data and backups from the company's systems. The plan would have most likely succeeded, if the malicious script hadn't been discovered by another technician.