Digital Guardian's Blog

Former Coke, Eastman Employee Stole Chemical Formulas: Report

by Chris Brook on Wednesday February 20, 2019

Prosecutors say that as part of a conspiracy to steal trade secrets, the Chinese-born scientist stole data related to bisphenol-A-free food packaging worth $120M.

When it comes to cases about Chinese intellectual property theft, the Department of Justice is beginning to sound a bit like a broken record.

The department revealed last week that it’s indicted a Chinese national for engaging in a conspiracy to steal American trade secrets in hopes of benefiting China.

It’s the third such case to make headlines this year, following news that a former Apple employee stole data on its autonomous car program to benefit a Chinese company and the DOJ's recent charges against the telecom Huawei.

This case involves proprietary data relating to bisphenol-A-free (BPA-free) coatings – chemicals used to coat the inside of cans and other food containers to minimize flavor loss and prevent corrosion – valued at $120 million.

According to the DOJ, the Chinese national, Xiaorong You, worked in collaboration with two other co-conspirators to allegedly steal formulas from not one but two former employers.

“The facts laid out in this indictment show the conspirators engaged in blatant criminal activity,” FBI Executive Assistant Director for the National Security Branch Jay Tabb said last week. “They didn't stop at going after technical secrets belonging to just one company. They allegedly targeted multiple companies and made off with trade secrets at an estimated value of almost 120 million dollars.”

The indictment, filed last Tuesday, doesn't explicitly name either of You's employers, but according to The Wall Street Journal, which reported on the case two days after the indictment was filed, one of them was Coca-Cola. The beverage conglomerate told the publication it employed You as a principal engineer for global research and was one of the indictment’s subjects last week. US-based Eastman Chemical, a Fortune 500 chemical company that manufactures chemicals, fibers, and plastics, confirmed on Friday that it was the second company named in the indictment.

It was widely assumed that Eastman, where You was a packaging application development manager, was involved as the company competes in the BPA-free coating business and is located, as the indictment hinted, in Kingsport, Tennessee.

You was one of a select few with knowledge of the BPA-free coating trade secrets at Coca-Cola but waited until she had been at the company for four years to carry out the theft.

The DOJ claims that You worked in tandem with Liu Xiangchen, one of her co-conspirators, to transfer the stolen trade secrets to an unnamed Chinese company, after which the company would hire her and pay her for her services.

You took photos of the trade secret files on her computer to bypass security but also transferred files containing sensitive data to a personal external hard drive.

When You changed jobs, in Sept. 2017, she continued the conspiracy, the DOJ alleges. You took photos of laboratory equipment – presumably at Eastman – and uploaded files containing trade secret information to her Google Drive cloud storage account. She also still possessed the external hard drive that contained trade secrets belonging to Coca-Cola, "with the intent to use that trade secret information to the detriment of its owners."

The conspiracy goes deeper still. You, Xiangchen, and a third, unnamed co-conspirator agreed to form a new Chinese company to oversee the stolen trade secrets and recruit an Italian company, which had BPA-free manufacturing abilities, to establish a presence for their new company. The end goal - and you may have seen this coming - was to ultimately erect their own laboratory and compete with U.S. and foreign companies for business using the stolen trade secrets.

China's Ten Thousand Talents program, a government initiative designed to encourage workers to return to China to promote the country's technological development, was apparently integral to the theft too.

In addition to hiring her and paying her for the stolen data, the company also said it would help her win a talent award similar to the program, the Yishi-Yiyi, which came with a monetary award.

In total, You stole and attempted to appropriate seven trade secrets, including information on coatings, BPA-free interior sprays, FDA- and EU-compliant food-contact-safe coatings, and the priciest, Eastman’s resins for BPA-free coatings for inside metal packaging.

Eastman, for its part, said on Friday it had controls in place to prevent and detect the theft of confidential information.

"As an innovation-driven maker of additives and specialty materials, Eastman takes protection of its intellectual property seriously and we have controls in place to help prevent and to detect theft of confidential information," the company's chief legal officer David Golden said in a statement.

Those controls must have tipped Eastman off to You – the indictment claims she knew she was going to be fired on June 21 – but it appears they weren’t calibrated to prevent her from uploading data to her Google Drive account that same day.

Stopping employees from taking photos, one of the ways we learned Jizhong Chen – the former Apple employee charged in January – stole data, can be almost impossible. With data loss protection technology in place that can stop an employee from moving files to either a personal external drive or cloud storage, a la Google Drive, however, these incidents likely could have been prevented.

Tags: IP theft, Government

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.