So they say. I’m suspicious that a lot of these data breaches aren’t insider jobs. Cases where an employee acting as a foreign agent and getting paid well to do it.
The actual cause of the problem has been admitted. It was a J2EE Struts app that used a release of Struts that had a serious flaw.
I’m sure if you asked a high-level manager: “Do your systems use Struts?” he would have answered “I don’t know; what is Struts?” Thus these problems....
I remember reading that lots of early spammers were inside jobs (pre botnet days). Somebody would back a truck of a couple of servers up to a site, the inside guy would run some cables out to the truck, and up went the spam. Lots of people looking for ways to pick up a few bucks.