Digitalendpoint Blog

We offer our best advice, research, how-tos, and insights with the goal of helping you increase employee productivity and protect your business from insider threats.

Insider theft in the news again

by | Mar 13, 2015 | Other | 0 comments

Yes, sadly it’s yet another “insider theft lawsuit” to add to the list…

This one has an interesting spin on it, in that, the “five” are described by the company as “the best performing sales people”.

SunPower allegedly noticed the theft after a few months had passed, when one of the former employees was supposedly caught, with his hand in the proverbial cookie jar, attempting to sign in to use his email account, after he had left the company…

SunPower Corp., a publicly traded manufacturer of solar panels, accused the five in federal court in California of stealing proprietary information from the company and using it to benefit a rival firm.

The five allegedly all connected personal USB storage devices to SunPower systems and stole the data just before they jumped ship to join the competitor, SolarCity.

Also, named in the lawsuit for knowingly accepting the stolen data is SolarCity, the rival firm that now employs the five former SunPower employees.

In a public statement, SolarCity said:

“It takes trade secret issues very seriously and would act in accordance with the law”.

“SolarCity has grown significantly in the past few years and this growth threatens SunPower.”

“SolarCity’s work environment and leading service offers are attracting some of the best people in the industry to the company,” SolarCity said in its statement. “SunPower is apparently taking exception to that.”In its formal complaint, SunPower alleged that a former managing director of SunPower’s east coast operations and four other relatively senior sale employees stole tens of thousands of files from company servers and from its CRM database.

According to SunPower, the files included quotes, deals, proposals, contracts, market analysis and business analysis data.

The employees are also alleged to have stolen customer contact information and information on previously sold products, and potential new clients.

The stolen information allegedly included data on customers who had accounted for some “$100 million in sales” for SunPower.

Unfortunately, as we have seen in the media, such insider theft is not uncommon. This is just one more reminder of how malicious insiders pose a threat to corporate data and intellectual property!

Over the past few years, there have been numerous cases where insiders with privileged access to corporate networks and systems have misused that access to steal data.

According to the recent research released by Symantec:

“Most organizations are aware of the security threats posed by outsiders, but the malicious insiders within their own ranks may pose an even greater risk,” “In this era of global markets, companies and government entities of all sizes are recognizing the ever-expanding challenges of protecting their most valuable asset—their intellectual property—from rivals.

Build a Team to fully address Insider Theft:

“organizations need to have a dedicated team made up of HR, security, and legal professionals that create policies, drive training, and “monitor problem employeessaid Francis deSouza, group president, Enterprise Products and Services, Symantec Corp.

The Symantec research states that, Theft of intellectual property costs U.S. businesses more than $250 billion per year and FBI reports confirm that insiders are a major target of opponent efforts to steal proprietary data and the leading source of these leaks.

Based on a review of empirical research, Dr. Stock and Dr. Shaw have identified the key behaviors and indicators that contribute to intellectual property (IP) theft by malicious insiders. The most compelling patterns observed include:

  • Insider IP thieves are often in technical positions – The majority of IP theft is committed by current employees who serve in positions including engineers or scientists, managers, and programmers. A large percentage of these thieves had signed IP agreements. This indicates that policy alone—without employee comprehension and effective monitoring—is ineffective.
  • Typically insider IP thieves already have a new job – About 65% of employees who commit insider IP theft had already accepted positions with a competing company or started their own company at the time of the theft. About 20% were recruited by a competitor who targeted the data. In addition, more than half steal data within a month of leaving.
  • Malicious insiders steal information they are authorized to access – Subjects take the data they know, work with and often feel entitled to in some way. In fact, 75% of insiders stole material they were in fact authorized to access.
  • Trade secrets are the most common IP stolen by insiders – Trade secrets were stolen in 52% of cases. Business information such as billing information, price lists, and other administrative data was stolen in 30%, source code (20%), proprietary software (14%), customer information (12%), and business plans (6%).
  • Insiders use technical means to steal IP, but most theft is discovered by non-technical employees – The majority of subjects (54%) used a network–email, a remote network access channel or network file transfer to remove their stolen data. However, most insider IP theft was discovered by non-technical staff members.
  • Key insider patterns precede departure and theft – Common problems occur before insider thefts and probably contribute to insider’s motivation. These precipitants of IP theft support the role of personal psychological predispositions, stressful events and behaviors as indicators of insider risk.
  • Professional setbacks can fast-track insiders considering stealing IP – Acceleration on the pathway to insider theft occurs when the employee gets tired of “thinking about it” and decides to take action or is solicited by others to do so. This move often occurs on the heels of a perceived professional set-back or unmet expectations.

The Symantec report features pragmatic recommendations for managers and security personnel concerned with intellectual theft risk, including:

  1. Organizational Issues:  Organizations need to evaluate if they are at greater risk due to inherent factors—employee morale, competitive risk, adversary operations, use of local contractors, etc.
  2. Continuing Evaluation:  Without effective employee monitoring and enforcement, compliance will lapse and insider risk will escalate.

So here is that famous question again:

Is your customer list a trade secret?

Well as we have seen over the years, many court rulings on this very topic seem to fall along the lines that a mere list of just company names is not a trade secret, but a customer list that contains information about customers that is not readily available to the public, information about the amount and type of products customers purchased from you, along with contact information, etc. and / or that required some form of investment for your company to assemble is likely protect-able under the Uniform Trade Secrets Act.

More often than not customer information is typically pretty accessible within an organization and justifiably so, the need for efficiency and productivity in an organization overrules any attempt to lock the company CRM down tight.

Sales Teams, Marketing Staff, Support Teams and Finance – at the bare minimum – all have access.

Along with streamlined access to promote efficiency comes opportunity – if someone wants to take CRM data and get it off your network, Face it folks, it’s not that hard to do this anymore in most places!

From a common sense perspective, if you believe it would harm your business if a sales rep resigned, and took your detailed customer information with them to a competitor, you should take a few basic and simple proactive steps to protect your customer list!

Learn more about what businesses just like yours are doing to protect themselves against insider threats at

Submit a Comment

Your email address will not be published. Required fields are marked *