Intel has filed a $250,000 lawsuit against an ex-employee after he allegedly stole thousands of files from the company.
Jinfeng Luo started working at Intel in 2014 and received a termination notice on July 7th of this year. Before leaving, the former software engineer allegedly downloaded around 18,000 files, including confidential company data labelled as “Intel Top Secret.”
According to court filings, Luo first attempted to copy files from his company-issued laptop to a personal external storage drive around one week before his notice period was up, but Intel’s DLP systems blocked him from completing the transfer. However, Luo tried again a few days later, when he was able to successfully transfer around 18,000 files to a Network Attached Storage (NAS) device.
Intel’s security team detected the transfers soon after completion and the company has allegedly tried to reach Luo multiple times regarding the theft, but to no avail. He has not publicly responded to the allegations.
Given the lack of response, in an attempt to recover the lost intellectual property, Intel has taken legal action against Luo, demanding $250,000 in damages, recovery of legal fees, and an injunction to prevent the ex-employee from distributing or disclosing any of the stolen data.
The Bigger Picture: Tackling Insider Threats
Luo’s termination may have been a result of Intel’s ongoing workforce reduction and restructuring plan, which has seen around 35,500 jobs cut over the last two years in an attempt to lower operating expenses, streamline workflows, and “eliminate bureaucracy.”
The case highlights the need to protect data against insider threats during large-scale reductions such as this.
There are three main types of insider threat: intentional and malicious, when an individual sets out to cause reputational damage or financial loss, often as a result of perceived wrongdoing; accidental, when an individual’s mistake or negligence results in the loss or theft of data; and intentional but not malicious, when an individual steals intellectual property having mistakenly perceived it as being their own, rather than belonging to the company.
In Intel’s case, Luo is an example of an intentional and malicious insider—one of the most difficult types of cyberthreat for security teams to identify and mitigate.
This challenge is exacerbated during any period of transition, Joseph Bell, CISO at Everfox, tells Expert Insights.
“Organizations become very vulnerable or susceptible to insider risks as new processes are being implemented,” Bell explains. “There are gaps created for where malicious insiders are able to act, and then their actions or activities go unnoticed.”
During large-scale workforce reductions in particular, employees typically retain system access during their notice periods. This creates a window of opportunity for malicious or resentful employees to “take revenge” against the company, most commonly by exfiltrating or destroying data.
To protect against insider threats, organizations should implement robust security controls that give them oversight and control over high-risk user behaviors, such as Privileged Access Management (PAM), User and Entity Behavior Analytics (UEBA), and DLP tools.
However, adds Bell, they also need to promote and maintain employee trust.
“Amid any kind of an insider risk program implementation, it’s critical that you’re communicating to your employee base what you’re doing, what it’s designed to do, and any impact that they will see,” he explains.
“IT teams and security teams must also clearly define the basis for tracking employee behavior […] and balance security and privacy to ensure transparency and accountability for all levels of the organization.”
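The pattern in the filing (a copy blocked by DLP, then a bulk transfer to a different kind of destination a few days later, all inside the notice period) is something a detection rule can correlate. The sketch below is an added example, not code from Intel, Everfox or any product. The event fields, user IDs, dates, thresholds and function names are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: field names and values are assumptions for this
# example, not the schema of any particular DLP or UEBA product.
NOTICE = {  # user -> (notice start, last day of access)
    "u1001": (datetime(2030, 3, 1), datetime(2030, 3, 31)),
}
EVENTS = [
    {"user": "u1001", "ts": datetime(2030, 3, 24, 9, 5), "dest": "usb",
     "action": "blocked", "files": 40},
    {"user": "u1001", "ts": datetime(2030, 3, 27, 22, 40), "dest": "nas",
     "action": "allowed", "files": 18000},
    {"user": "u2002", "ts": datetime(2030, 3, 27, 10, 0), "dest": "nas",
     "action": "allowed", "files": 25000},   # not in a notice period
    {"user": "u1001", "ts": datetime(2030, 3, 10, 14, 0), "dest": "nas",
     "action": "allowed", "files": 12},      # routine, before any block
]

def in_notice(user, ts, notice):
    """True if ts falls inside the user's notice period."""
    span = notice.get(user)
    return span is not None and span[0] <= ts <= span[1]

def retry_after_block(events, notice, window=timedelta(days=7), min_files=1000):
    """Flag a bulk transfer that follows a DLP block to a different destination.

    Returns (user, blocked_event, allowed_event) tuples for users in notice.
    """
    alerts = []
    last_block = {}  # user -> most recent blocked event
    for ev in sorted(events, key=lambda e: e["ts"]):
        user = ev["user"]
        if not in_notice(user, ev["ts"], notice):
            continue
        if ev["action"] == "blocked":
            last_block[user] = ev
            continue
        blk = last_block.get(user)
        if (blk and ev["files"] >= min_files and ev["dest"] != blk["dest"]
                and ev["ts"] - blk["ts"] <= window):
            alerts.append((user, blk, ev))
    return alerts

if __name__ == "__main__":
    for user, blk, ev in retry_after_block(EVENTS, NOTICE):
        print(f"{user}: {ev['files']} files to {ev['dest']} at {ev['ts']} "
              f"after blocked {blk['dest']} copy at {blk['ts']}")
```

The rule scopes itself to users in a notice period and to a defined trigger (a prior block), so it monitors a narrow, documentable basis rather than all employee activity.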