Four former employees of an India-based pharmaceutical firm were arrested Tuesday after allegedly stealing data including sensitive details pertaining to drug manufacturing from their former employer.
According to reports late Tuesday, the employees are accused of stealing data including batch production control records, standard testing procedure, and raw drug data from an unnamed firm.
In drug manufacturing, batch production and control records are critical to ensuring compliance. The records contain the actual data and step by step process for manufacturing each batch. These records can contain everything from a complete list of raw materials used, their quantity and weight, instructions to ensure safety during the manufacturing process, equipment to be used, to the yield of a batch.
The arrests stem from a complaint made by the company's senior executive M. Koteshwara Rao, according to reports in both the Times of India and The Hindu on Tuesday. While the company wasn’t named by the publications, all signs point to the company being Transgene Biotek Limited, a biotechnology company based outside of Hyderabad.
Rao is listed as the Chief Managing Director of Transgene Biotek on both his LinkedIn profile and the company's website. According to the company’s About Us page, Transgene Biotek specializes in researching and developing vaccines and new drug delivery technology and was founded in 1991 by Rao.
The employees, Gunturu Srikanth Reddy, Mekala Krishna Reddy, Mekala Venkat Reddy, and S Yogeeswara Rao, were arrested on Tuesday by Cyberabad’s Cyber Crime Police unit after reportedly using the purloined data to manufacture drugs illegally in Visakhapatnam, a city on India's Southeastern coast, on the Bay of Bengal.
Per reports, Srikanth Reddy formerly served as a business development manager at the company but was fired in 2017 following what sounds like a series of malpractices. After being let go, Srikanth initiated Krishna, the company's production manager and Venkat, a chemist, to join him at a new company, Hubert Healthcare Pvt Ltd. According to the Economic Times, which aggregates data on companies via India’s Ministry of Corporate Affairs, Hubert Healthcare Pvt Ltd. was formed on December 27, 2017 and is located in Rangareddi, Telangana, in the Cyberabad district, outside of Hyderabad. Further details about the company – like what exactly it did – on the internet are scarce.
Speaking of scarce, it’s also unclear how the employees may have taken the data. According to reports, once he’d left the company Srikanth asked the others to transfer details of drugs manufactured by the company; in the complaint Rao alleges the employees saved the data electronically – although it’s not stated whether it was via e-mail or a USB thumbdrive. Srikanth then enticed them to join his new company by offering them a raise in pay.
Just how valuable the data stolen was or how much money the ex-employees may have made by manufacturing the drugs is also unclear. In a complaint filed with the police, Rao claimed that the technology used by its company to produce drugs is unique and considered intellectual property so it makes sense the company would want to defend its trade secrets.
If the pharmaceutical data was indeed valuable, it's unclear why the firm didn't take steps to secure it further by deploying a data protection solution designed to stop the theft of sensitive data, like batch production and control records used in the manufacturing of drugs.
