From The Register http://www.theregister.co.uk/2009/01/14/ny_cop_gilty_plea/

In short, a New York policman abused access to a computer to glean details from the FBI terrorist watch list. There were a series of abuses here, not just those of the officer charged. He did not have access to the watch list himself, he used the logon credentials, username and password, of a fellow officer who left his "credentials on a notepad so his co-workers could access the system when he wasn't around"

Astonishing. No two factor authentication in place, the officer left his credentials for others to use; and used they were!

I'm sure that there are acceptable use policies in place that the officer who left his credentials on a notepad had breeched. I'm sure there was a logon banner or some such warning that unauthorised access was unacceptable but it occurred anyway. So how did this unfortunate series of events occur?

The officer who used the credentials thought he was being helpful, whether he had a vested interest in assisting the individual for whom he extracted the information is anyone's guess.

The officer who left his credentials for others to use, obviously did so because there was a perceived need. Perhaps too few personnel had accounts to access the information. Obviously, he again thought he was being helpful.

What I find most interesting about this story is that there is no mention of any penalty or conviction for the officer who left his credentials for all to see. I'm guessing e would at least had training concerning the security of the system concerned, and the importance of preserving the confidentiality.

Notwithstanding the usual "what, cops trustworthy?" type comments, it is obvious every workplace will have Insider Threats, the police force included.