There is a report that the lowest-paid employees at various banks are selling customer data, which is sad and also not unexpected. Those who have access to sensitive information can be tempted to part with it for a quick profit. I've seen this in the past in restaurants and retail stores. Sometimes with credit card or other data, but also with knowledge (or keys) that would let someone burglarize the premises.

There's a great quote in the article that says: "The more employees there are inside a company with access to sensitive customer information, the higher the risk that access is going to be abused." I think that's very true in most companies, which is why governance and data controls are becoming more important in some organizations. I wish it were a global trend at all companies, but far too many don't think there is a high risk, or that their employees will abuse their privileges.

I'd like to think most IT people wouldn't be tempted to sell or disclose info, but I'm not sure that's true. While many IT staffers are paid well, well is relative. Some might not think they're compensated enough or they might feel pressure from their own financial stresses to compromise that data of others.

Privileged access is just that: privileged. While it can be a pain to have a separate account for certain access, the intention is that you are reminded that this account can access things that others should not see. In my career, I've tried to remember this and be careful with my access, though admittedly, I've done plenty of non-privileged things with a privileged account, being lucky enough that nothing bad happened.

Security continues to be a problem in so many places, and with the vast amounts of data we collect, and the growing desire for many organizations to let AI LLMs view that data, I suspect we'll likely have more problems in the future not less. While we might not have as many humans that decide to sell our data, I suspect we'll have many more AIs that can be tricked into disclosing it.