13 Feb 5 Data Security And Corporate Espionage Cases You Need To Know About
For as long as there have been trade secrets, there have been criminals willing to steal them for their own financial gain.
And it comes at a high cost, as cybercrime alone is estimated to cost UK businesses £27 billion per year, while industrial or corporate espionage sets businesses back £7.6 billion.
And on a global scale, data from G4S estimates that the annual cost of industrial espionage may be as high as $1.1 trillion, making it one of the biggest security challenges faced by businesses in the modern age – particularly following the Coronavirus pandemic, which exposed weaknesses in many companies’ security protocols.
The most well-known cases of corporate espionage are associated with large and highly valuable brand names, but the impact of corporate espionage and data theft on small businesses should not be underestimated.
For instance, as small businesses usually have lower levels of security than multinational companies, they may be at higher risk of data theft – while due to their lower capital reserves, they are also more likely to be seriously affected by data theft and corporate espionage, which has the potential to seriously stunt growth, and can even lead to business closures.
Let’s now take a look at some of the most high-profile cases of data security failures and corporate espionage, to identify the weak security factors that made the victims vulnerable to data theft.
Gillette Vs Davis (1997)
While most corporate espionage cases have a financial impact on their victim, it’s not always about the money. Sometimes, people just want to see you fail. There are few better examples of this than the Gillette Vs Davis case of 1997.
Stephen Davis was a process controls engineer for Wright Industries Inc., who were subcontractors for the Gillette base in Boston. Davis had been demoted from his role to a more minor position in the project, and he blamed Gillette for the move, feeling furious that his future career prospects had been ruined.
In a bid to get even, Davis leaked extensive trade secrets, including technical drawings of Gillette’s groundbreaking Mach 3 triple-blade razor, via fax and email to their main competitors: American Safety Razor Co., Bic, and Warner-Lambert Co. – the owner of the Schick-Wilkinson Sword brand.
This corporate sabotage could have been a fatal blow to Gillette, as they had ploughed $750 million into the development of the Mach 3 Triple Blade, and if they did not achieve their expected return on investment, the company would have failed.
Fortunately for the razor brand, Schick immediately reported the corporate espionage attempt to Gillette, who then alerted the local FBI office. Davis was caught, convicted of the offence, and given a sentence of 27 months in prison and fines amounting to over $1.3 million in damages.
Kodak Vs Worden (1997)
In 1997, the former manager of Eastman Kodak Co., Harold Worden, pled guilty to interstate transportation of stolen property.
After working for the company for 30 years as a project manager, 56-year-old Worden had stolen millions of dollars’ worth of trade secrets from Kodak in the form of confidential documentation that he had not returned when he left the company in 1992.
He had then started his own consulting business, attempting to sell Kodak’s intellectual property to their competitors in order to fund his new business venture. After the FBI got involved, a search of his property in Santee, South Carolina uncovered thousands of Kodak’s confidential documents.
At his trial, the prosecution also alleged that Worden led a racketeering ring, encouraging former Kodak employees to steal company secrets so he could sell the intellectual property to their competitors. Worden accepted a guilty plea bargain, which included a 15-month split sentence and fines of over $50,000.
Unilever Vs Procter and Gamble (P&G) (2001)
In 2001, employees of Pantene shampoo manufacturer Procter and Gamble were discovered to be going through the bins outside the offices of their corporate rival Unilever, in order to obtain any documentation that had been disposed of.
When senior Procter and Gamble officials learned of the scheme, they informed Unilever that their agents had obtained the documents in an unethical fashion, and gave the gathered information to Unilever officials.
While Procter and Gamble maintained that no illegal activity took place, they acknowledged that the information was acquired improperly, and as a result, fired three of their staff members. P&G company chairman also John Pepper stated that the material would not be used, and that all information would be quarantined in order to prevent damage to Unilever.
Meanwhile, Unilever alleged that Procter and Gamble had also sent in employees posing as market analysts, although these claims were refuted by P&G. The case was settled out of court, and Procter and Gamble paid Unilever a sum of $10 million to close the case.
Coca-Cola Vs Williams, Dimson, and Duhaney (2006)
In 2006, the former administrative assistant to the Global Head of Marketing at Coca-Cola, Joya Williams, and Coca-Cola employee Ibrahim Dimson were convicted of conspiring to steal and sell Coca-Cola’s corporate secrets to their rival, Pepsi.
Williams was accused of collecting ‘very detailed and very confidential’ information regarding several Coca-Cola goods, including samples of their newest product, which she intended to sell to Pepsi for a sum of $1.5 million.
She was caught on a surveillance camera in her office rifling through several files looking for highly confidential documents, before putting them into bags. The footage also showed her holding a container of liquid marked with a white label, which matched the description of the new Coca-Cola product sample.
The thieves were caught during a federal sting operation, during which Dimson gave 14 pages of confidential and highly classified Coca-Cola documents containing trade secrets, to an FBI undercover agent in exchange for $10,000. In a letter, he also stated that he would provide further documents on request.
Shortly afterwards, a meeting between Dimson and an FBI undercover agent took place where Dimson handed over a bag of confidential documents and the Coca-Cola product sample in return for $30,000. After the exchange, the FBI agents followed Dimson to Coca-Cola employee Edmund Duhaney’s home.
Then, on the date when the criminals had planned to be paid the full sum of $1.5 million for the entirety of the Coca-Cola secrets, they were arrested by the FBI. Joya Williams received an eight-year prison term, while Dimson received five years. Both were ordered to pay Coca-Cola the sum of $40,000 in restitution.
For his part in the crime, Edmund Duhaney was sentenced to 11 months in prison, fined a sum of $40,000, given three years on supervised probation, and ordered to do 40 hours of community service.
Marriott Data Breach (2018)
In 2013, two years before Marriott acquired the boutique hotel chain Starwood, Starwood’s guest reservation system was targeted by cybercriminals using a Trojan computer virus, known as a remote access trojan (RAT). The criminal activity went undetected until 2018, when an internal security tool alerted Marriott to the presence of the virus.
Marriott quickly took action to determine what data had been stolen, and discovered that the cybercriminals had been able to copy and encrypt information, with the intent of removing it from the system.
The stolen data was extensive and targeted over 500 million customers, who had a wide range of information taken. This included the guests’ names, addresses, telephone numbers, emails, passport numbers, account information, dates of birth, gender, arrival and departure information, reservation dates, and preferred communication methods.
Following the data breach, and under the guidance of security experts, Marriott carried out a full investigation and introduced a whole host of security enhancements, but this was not enough to prevent them from receiving an £18.4 million fine from the Information Commissioner’s Office in 2020.
Want to make sure your business stays safe online and is well protected against cybersecurity threats? Give us a call!