The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Trade Secret Theft Case Involving Pharma Giant Can Move Forward

by Chris Brook on Tuesday August 4, 2020

Contact Us
Free Demo
Chat

An ex-worker who allegedly stole hundreds of company files had previously attempted to dismiss the lawsuit.

The pharmaceutical giant Bayer AG can finally advance a trade secret theft case implicating a former employee.

The company, which is headquartered in Germany but has offices worldwide, filed a complaint back in March that the former employee, Hai Zeng, a supply chain business architect working in St Louis, sent hundreds of the company's files to his personal email and Dropbox accounts.

Zeng filed a motion to try and dismiss the lawsuit but according to Bloomberg, it was denied on Friday by Judge Stephen Clark, the U.S. District Judge overseeing the case.

Zeng is being accused of violating the Computer Fraud and Abuse Act, the Defend Trade Secrets Act of 2016 and the Missouri Computer Data Access and Fraud Statute.

According to the complaint, an internal review at the company found the ex-employee sent files, including optimization models and a customer information database for Monsanto, the U.S. seeds company it acquired for a staggering $66 billion in 2016, to himself. In its complaint, the company said that it had invested substantial resources in developing the information and that it derives a substantial economic value from it.

Zeng had agreed to protect Bayer's (and Monsanto, after it the acquisition went through in 2018) confidential information by signing an employee agreement but that on its own didn't prevent data theft.

In the complaint, Bayer said that its internal data security system alerted the company in April 2018 that Zeng sent messages from his corporate email to other employees about a multi-level marketing program, something that went against company policy. In investigating Zeng's activity, the company found that he'd done more than just email co-workers. He also used a browser as a proxy on one of the company's devices; in looking further, the company determined he'd deleted apps, app data, credentials and files from his company-issued iPhone and taken company data.

In addition to the Monsanto customer database, he also took a file, "Scheduled Data Sheets," that contained information from a model the company used to develop production, supply, and distribution plans.

In the complaint, Bayer said that it had an internal system in place to identify suspicious access and use of confidential data - it noticed Zeng's multi-level marketing emails - but it's unclear why it failed to stop or at least flag the theft of its sensitive files in the first place.

In Judge Clark's denial of the Zeng's motion, Clark said the "Court need not consider Zeng's undeveloped arguments," adding that they "lack merit and support." In support of Bayer AG's suit, the judge said the company sufficiently alleged the existence of trade secrets, the misuse of them, and the resulting damages.

According to the Judge, Zeng's argument was just one to two sentences with no supporting citations beyond two references to cases, Bell Atlantic Corp. v. Twombly and Ashcroft v. Iqbal.

This isn't the first lawsuit involving the theft of Monsanto data. The U.S. Department of Justice indicted a Chinese National, Haitao Xiang, last fall on economic espionage charges, alleging the ex-Monsanto worker attempted to take six files containing trade secret information to China on a storage device. In that case there's been a back and forth lately around what a trade secret is exactly; a recent court filing suggests the secret could be comprised of publicly available information.

The company, or at least its Crop Science division, was also previously embroiled in another trade secret case involving a former fermentation researcher, Shaohau Guan, who allegedly too sensitive Bayer Crop Science information with him to a new job where he used it to develop competing biopesticide products. That case was dismissed last December.

Tags: Data Theft

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.