It seems that there is a whole crew of security professionals that are actively involved in vetting the credentials of users during their authorization process for gaining access to data (or not).
Two questions:
- When was the last time you were asked by your HR department to validate whether a passport or driver’s license was legitimate during employee in-processing?
- When was the last time you evaluated the backgrounds of the employees of business partners who have been given access to your data?
It is very, very, very rare that a "Chief Information Security Officer" gets involved in addressing these types of issues. If you currently do, don’t ever quit your job. If you don’t, please stop acting flabbergasted about an incident when one of your colleagues doesn’t either.
It appears we’ve lost the thread of decency in the face of adversity somewhere.