Go to Top

Web-Hosted Data Storage Services Used as Vehicle for Stealing Trade Secrets

Are your client’s employees using these potential trade secret misappropriation sites?

The Background
A senior product developer for a beverage container company was unhappy with his boss, and his current employment situation. He thought he could do better on his own and crafted a plan to resign and start his own competing company…using his employer’s designs and client list.

The Allegations
Recognizing his departure and future business plans would raise suspicions, the employee devised a method of stealing company confidential documents, (in this case design specifications, and
technical drawings) without leaving any tracks behind. His illconceived solution? Before resigning, the employee backed-up his company issued laptop computer to a third party data hosting site called “Carbonite”. Carbonite and other similar sites are marketed to users who want to back-up their data to minimize the risk of a hard drive crash or other data-loss. Of course, these data hosting companies provide a legitimate and effective service for individuals wishing to back-up their data. In the case of this employee, however, the site was used to steal company confidential information by moving it from his company laptop to a web-hosted location. When
subscribing to these services, users are issued a user name and password allowing them to retrieve their stored data in the future bylogging-into the hosting company’s web site from any computer.

The Result
The employer, suspecting the worst, performed computer forensics on the departed employee’s laptop. Remnants of the “Carbonite” subscription and file transfer activities were recovered, and the suspicious timing of the installation of Carbonite (relatively close to the date of the employee’s departure) was enough to persuade the judge to issue an emergency TRO against the former employee. Pending trade secret theft litigation will likely thwart the former employee’s plans.

The Take-Aways

  1. Policy. Consider issuing a company policy prohibiting employee use of third party data storage sites. Require employees to back-up their data ONLY on company-provided file servers.
  2. Preserve. Always preserve a terminated employee’s computer when you suspect trade secret theft or other wrong-doing. Do not re-issue these computers to other employees until and unless you know that the departing employee has no bad intentions. Consider performing computer forensics on these computers when suspicions are high. The installation of third party hosting software almost always leaves remnants of file transfer activity behind…including dates it was installed and any efforts to “un-install” it to remove evidence. This recovered user activity can be critical to proving your case.
  3. Proactive. Remember the power of an exit interview for employees that resign under suspicious conditions. An exit interview can be an ideal time to remind an employee of their obligations under their non-compete and handling of company confidential information policies. (or a perfect time to have the departing employee sign a policy if they have not done so). These interviews are also excellent opportunities to “lock-in” statements from a departing employee who indicates he has no intentions of directly competing with you. Judges have taken a harsh stand against employees who are deceptive during these interviews when it is later determined they had sinister plans.
, , ,

About Jeff Hartman

Jeff is a 30 year veteran of the corporate security, computer forensics, and eDiscovery community and a co-founder and partner at 4Discovery. 4Discovery is a leading provider of computer incident response and computer forensics services to attorneys, corporate security executives, and the information protection community.