This is the question that security firm Cyber-Ark asks referring to the case of a California bank employee who sold his employer's computers on eBay - and even pawned them to raise cash - highlights the need for digital data vaulting security within companies of all sizes.
"This case illustrates that [sic] good old employee theft is yet another security risk facing organisations," said Mark Fullbrook, Cyber-Ark's UK Director, who added that, in the case of the 34-year-old bank employee, the fact that up to 15 bank PCs have gone missing, almost certainly means that bank customer and/or employee data has gone too.
According to Fullbrook, this is noteworthy as the physical theft of desktop PCs is rarely seen in large organisations, owing the low second-hand value placed on such machines these days.
"Usually it's the laptops that gets stolen, but this time around it's the desktops at the bank that have been stolen. This illustrates the need to adopt a data encryption rule for all personal data held on computers in an organisation, and not just for laptops," he said.
The bank employee at the centre of the US bank computer theft case now faces up to three years in prison, but, says Fullbrook, if any customer data lost as a result is used for fraud, then the incident could be an expensive one for the Northern Trust Bank.
"The US is a highly litigious country and the bank could yet see a class action lawsuit, even if the data is not used for fraud. If I were a Northern Trust Bank director, I'd be more than a little worried about this case," he said.