The Department of Social Services in Virginia Beach, Va., fired or disciplined at least eight employees in the past year for abusing their database privileges. Florida International University found the “existence of a database containing sensitive information that did not reside in a secure computing environment” The security lapse was not uncovered until an anonymous whistleblower sent a user name and password combo that gave access to the company’s client portfolio database. Lincoln National Corp. revealed that lax password management practices and frequent credential-sharing potentially exposed the records of 1.2 million customers.”]
Source: https://www.darkreading.com/attacks-breaches/six-messy-database-breaches-so-far-in-2010