37% of publicly shared files expose personal information

Many sensitive documents stored on platforms such as Google Drive, Slack, and other collaborative work applications have been left unattended for several months or even years. This has led to data sprawl challenges for companies and significant data security threats for individuals and their employers, according to Metomic’s “State of Data Security in Financial Services” report.

86% of the files had not been updated in 90 days, 70% in over a year, and 48% in more than two years. The findings highlight the lack of data management oversight across industries, especially for financial services organizations that often handle exorbitant amounts of personally identifiable information (PII).

This “stale data” poses serious consumer data security issues for individuals and businesses, opening the door to identity theft and data security breaches—especially during tax season when so much personal data is being shared across digital platforms.

Last year, the U.S. Department of Treasury reported more than a million tax returns were flagged for potential identity theft, with over $6.3 billion in refunds requiring further scrutiny. During the same year, the IRS Identity Theft Victim Assistance program had 294,138 individual case receipts, according to the National Taxpayer Advocate’s annual report. Even more alarming is that identity theft cases tripled in less than five years— in 2019, the same organization filed only 92,631 individual case receipts.

“The amount of extremely vulnerable personal data—social security numbers, financial information, credit card numbers—lurking in publicly accessible documents is extraordinary and an abundance of it exists in an abyss of forgotten digital documents that are creating ongoing data security threats, especially for businesses in the financial services sector,” said Rich Vibert, CEO at Metomic. “Businesses are enabling unnecessary data security risks by allowing colossal amounts of outdated, stale files to take up space across their cloud-based apps. It’s imperative that IT and security teams have a data security platform like Metomic in place to gain full visibility into collaborative work apps like Google Docs and Slack so they can better manage those files, and delete any data that poses a security risk.”

Researchers also uncovered the following findings:

• When analyzing Google Drive access levels, Metomic found 2% of Google Drive files were publicly shared, 18% were available domain-wide (anyone with the same email domain as the file’s owner), 22% were shared with external domains, and 88% were stored in private user drives.
• Within an organization, the accounting, legal, HR, procurement, and customer success departments are more likely to share sensitive data than other business units.
• Among the public files flagged for containing sensitive data, 1% included payment card information and payment data—when looking at external files (files shared outside of an organization), that number goes up to 3%.
• Organizations are suffering from growing data sprawl challenges: The amount of sensitive data managed across all industries continues to increase by 1.3% every month.

“The financial services industry is especially vulnerable because much of the data that passes between employees, partners, clients, and vendors contains personally identifiable information. And the number of files companies retain just keeps growing. It’s a major data security issue that is only going to get worse in the coming years, leading to more and more identity thefts, malicious cyber security attacks, and data breaches that have the power to paralyze an entire industry,” said Vibert.