That’s the verdict from the federal court case that closed earlier this month and found Jason Needham guilty of “intentionally accessing a competing engineering firm’s computer network without proper authorization in order to obtain proprietary information.” According to the Department of Justice, Needham repeatedly accessed servers and an email accounts belonging to his former employer, engineering firm Allen & Hoshall.
Over a roughly two year period, the former employee was able to access “digitally rendered engineering schematics and more than 100 PDF documents containing project proposals and budgetary documents” as well as “the firm’s marketing plans, project proposals, company fee structures and the rotating account credentials for the company’s internal document-sharing system.” It is unclear as to how Needham gained access to these systems, but it’s highly likely that Needham relied on the access, trust, or knowledge he gained from working at Allen & Hoshall in his efforts to steal data for his new firm. The information accessed is valued at over $500,000.
These kind of incidents can be devastating to the victim organizations, particularly for those – such as engineering firms – where intellectual property and other proprietary information serve as a cornerstone to competitive advantage and, ultimately, the company’s bottom line. Even after a guilty verdict and $172,393.71 restitution payment, this incident is likely to impact Allen & Hoshall for years to come. In terms of immediate costs, the restitution sum still falls far short of the $500,000 estimated value of what was stolen. The future costs to the business will likely be even higher, as it is nearly impossible to fully recoup the damage that lost/exposed IP can have in terms of competitive advantage.
This case is just the latest of many insider theft incidents to make headlines in recent years. This year has seen a contentious insider theft lawsuit play out between the Google and Uber’s autonomous car subsidiaries in which Google has alleged that a former employee stole 14,000 R&D files before leaving Google to start his own self-driving car company, which went on to be acquired by Uber. Uber has since fired the employee in question, but the case continues in court.
2016 saw a string of insider theft incidents by employees at U.S. companies working as part of Chinese economic espionage campaigns, examples of another form of insider threat in which insiders collude with outside agents in their efforts. According to reports at the time, thousands of U.S. companies have been targeted in these efforts, with many falling victim and losing valuable IP.
For companies whose value is built on intellectual property or proprietary information, these incidents serve to drive home one message: the time to build protections around your organization’s crown jewels is yesterday.
Get email updates with the latestfrom the Digital Guardian Blog
Thank you for subscribing!