There are many sorry tales regarding national secrets, trade secrets, or other key intellectual property (IP) being hoovered up and misused by departing employees.
I am keenly following a recent case where an employee of Nvidia was convicted by German authorities of stealing source code and other confidential documents from Valeo during his previous employment. The theft was exposed during a conference call in which, after minimising a presentation, the ex-employee exposed his desktop containing the stolen documents to his former Valeo colleagues. (https://lnkd.in/g6dYUfyR)
In May 2022 a federal judge in Tennessee sentenced an IP thief to 14 years jail for stealing trade secrets, engaging in economic espionage, and committing fraud. The former Coca-Cola employee was found guilty of stealing the protective chemical coating (BPA-free) formulae used to treat the inside of beverage cans. The theft was facilitated using external hard drives and Google Drive storage. (https://lnkd.in/gE8yRAZZ)
Companies are mostly alive to this form of loss prevention and typically deploy several technical safeguards including:
a) USB restrictions
b) Blocking online file repositories
c) Endpoint monitoring of user activity
In my experience less attention is given to the risk of new employees coming in the door with stolen IP. Should illicitly obtained IP make its way into an employers’ information systems, into email, shared drives, and collaborative workspaces, its spread can be exponential. Worse still, the toxic data may be used unwittingly (or deliberately) by the incoming employee’s new colleagues in marketing pitches and business deals.
The consequences of IP loss can be high for the rights holder but it is often higher for the recipient company that is subject to lawsuits in terms of legal costs, lost productivity, compensation, and brand damage.
This cautionary tale underlines the importance for employers to be vigilant to the risk of incoming stolen IP.
Stay tuned for further posts where we unpack some of the tradecraft and technology used to assist clients in digital investigations.