Despite how truthful or honest a person may seem, more often than not, a person's word is only worth so much.
When a recent executive at Pacific Woodtech Corporation, a Washington-based manufacturer of wood products, left the company two months ago, he assured his CEO he wasn't going to misuse any of the company's trade secrets he had access to.
As the employee was planning to join PWT's primary direct competitor, this condition was especially important.
According to a complaint filed last week in the United States District Court of the Western District of Washington, the employee, Daniel Semsak, PWT’s Northeast and Northwest Business Development Manager, didn’t keep his word.
In fact, just a few days later at a trade show, Semsak - now working for the competitor - boasted having confidential PWT pricing strategies involving PWT customers. Per the complaint, PWT was informed of Semak's claims, made in an attempt to gain a competitive edge, by a customer who he interacted with.
Judging from the court document, perhaps unsurprisingly, PWT was incredulous. The company asked him to halt his misconduct and return any trade secrets belonging to the company he may have.
While Semsak obliged - he returned a single flash drive that contained mostly non-sensitive data and human resources documents - the company would come to find out he'd lied again. Upon reviewing Semsak's last two weeks of activity, the company discovered he had downloaded some of PWT's most sensitive data, including trade secrets, onto not one but multiple flash drives - none of which he returned to the company.
While the fact that Semsak had access to all of this sensitive data isn't a surprise - he had access to "a wide variety of PWT's most confidential, proprietary, and trade secret information," including information on products, customer and sales information, pricing and financial data, market analyses, marketing strategies, according to the complaint.
Judging from that court document, Semsak took a little bit of everything, including: “intellectual property related to PWT’s new and developmental products; PWT customer and sales information (including key contacts, order history and preferences, and other confidential customer information); pricing information and strategies; financial information and analyses; market competitive analyses; business, sales, and marketing strategies; and operations information.”
While Semsak willingly surrendered the flash drive containing non-sensitive data, he hasn’t returned any of the other data, a fact that no doubt lead to the lawsuit.
The complaint doesn’t get into what type of trade secret data Semsak misappropriated and misused but it's probably safe to assume they stem from the company’s line of business: Engineered wood products, like LVL and I-Joists. In engineered wood, I-joists are traditionally made from lumbar flanges while LVL - made from laminated veneer lumber - keeps I-joists in place. PWT sells them worldwide.
While Semsak was given high-level to this information, it doesn’t appear there were enough fail safes in place to prevent him from moving this sensitive data onto personal flash drives. The document claims it limits access of its trade secrets to individuals "subject to the duties of confidence" and in some instances on a need to know basis, using passwords and physical security. Absent apparently were any were any data protection solutions or mechanisms designed to protect against the exfiltration of data.
While USB flash drives are certainly easy to use, they lack security, leaving the onus squarely on organizations to implement policies and restrictions to mitigate data loss.
