Theft of Sensitive Data
A commercial company noted an unusual number of email 'bounces' on their email server. On investigation, they discovered that a member of their administrative staff had emailed large quantities of confidential information to her private email address, prior to resigning from the company.
Critical information had been stolen. The extent and severity of the data theft was unknown. This information had to be quickly established before an injunction could be obtained to prevent further distribution of the stolen data.
• We forensically retrieved the former employee’s mailbox from the email server, and acquired a forensic image of the computer workstation formerly assigned to them.
• We retrieved remnants of the former employee’s web browsing, including pages from her web-mail account.
• We uncovered a series of large zip files containing a large number of critical documents created only hours before the employee submitted her resignation.
• We analysed the former employee's email box, focussing on traffic in the days and hours before her resignation.
• We found that the employee had emailed hundreds of critical files to her personal web-mail account in the days prior to her resignation, including personal employee files of a number of her colleagues.
• We found that the mail bounces were caused by her web-mail account rejecting some of the huge zip files being sent to it on grounds of size and limited inbox capacity.
• We recovered web-mail communications between the employee and persons outside the company prior to the data theft discussing which documents might be of most value to them.
• These findings were made, and a report prepared, within 48 hours of taking the evidence into our possession.
• An injunction was obtained against the former employee preventing further distribution of information.
• A civil legal case has been initiated against the former employee seeking inspection of all her computers, as well as damages.
• The case has been referred to An Garda Siochana to determine if the theft of the data amounted to prosecutable criminal activity.
Theft of information by departing employees has been a problem in Ireland for many years. Unfortunately, with the advent of large portable data storage devices, such as USB pens, it is fast becoming an epidemic. Consequently, if an employee with access to sensitive data leaves suddenly, or leaves for a competitor, it is strongly advisable to check that important information has not left with them.
Page Last Updated