According to the second monthly Insider Threat Index generated by Reconnex, a Mountain View, Calif.-based enterprise risk management vendor, 91 percent of the companies undergoing assessment in July exposed credit card numbers, and 82 percent exposed employee Social Security numbers.
"The origin of the vast majority of these disclosures stemmed from human resources departments," said Reconnex's July index report. "[These departments] often accidentally exposed employees' personal information when they communicate with partners in health insurance, payroll, workers compensation, and other third-party processors."
In other cases, claimed Reconnex, employees are exposing data by sending files using Web e-mail services such as Hotmail and Yahoo Mail.
"We are seeing evidence of a growing trend regarding the distribution of sensitive data via Webmail," said the index's report. "Because so many corporations are setting size limits on files attached to e-mails, employees' only recourse is to send large, sensitive files using their own personal Webmail accounts."
The July index report can be downloaded as a PDF from Reconnex's Web site.