Having the ability to access a computer without authorisation in order to commit other crimes such as identity theft, is a serious issue and one that shows poor identity management practices. These poor processes meant that an employee could easily unlock and unblock mobile devices.
Strong identity data classification and access controls should have recognised that the information was sensitive, and no one should have had access to it without being properly authenticated. Therefore, it is crucial that organisations define access levels to users based upon risk and justifiable need. The correct identity management systems would identified that the individuals should not have had access to certain data.
This story should be a lesson to all. Businesses must implement an Identity Access Management solution which can unify and streamline their identity data to provide a single source of truth. With complete and accurate user profiles, organisations can be calm in the knowledge that access is only given if authorised.