Companies spend a lot of energy keeping data safe from outsiders. But the real villains may be insiders — that’s the lesson learned by this bank, its employees and its customers.

Adeniyi Adeyemi, a former computer technician with the Bank of New York Mellon, recently plead guilty to stealing sensitive information about bank employees.

Over an eight-year period, Adeyemi stole passwords and other info belonging to 2,000 bank employees, including his co-workers in the bank’s IT department, ComputerWorld reports. Accounting to the charges against him, he used his access to transfer money from several charities’ Mellon accounts into bogus accounts he set up using his co-workers’ personal info.

Adeyemi also admit to stealing funds directly from the employees’ accounts.

The lesson for businesses: You don’t know who you can trust. Conduct background checks on new hires, especially those who will have access to databases containing sensitive information. Also, make sure staffers only have access to parts of the network they need for their job duties.

Tags: Bank of New York Mellon, insider hacking, personal information, theft