This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Theft of Sensitive Data

Computer Forensics

Background: 
A commercial company noted an unusual number of email 'bounces' on their email server. On investigation, they discovered that a member of their administrative staff had emailed large quantities of confidential information to her private email address, prior to resigning from the company.

 

Concern:
Critical information had been stolen. The extent and severity of the data theft was unknown. This information had to be quickly established before an injunction could be obtained to prevent further distribution of the stolen data.

 

Deloitte’s Actions: 
• We forensically retrieved the former employee’s mailbox from the email server, and acquired a forensic image of the computer workstation formerly assigned to them.
• We retrieved remnants of the former employee’s web browsing, including pages from her web-mail account.
• We uncovered a series of large zip files containing a large number of critical documents created only hours before the employee submitted her resignation.
• We analysed the former employee's email box, focussing on traffic in the days and hours before her resignation.

 

Deloitte’s Findings:
• We found that the employee had emailed hundreds of critical files to her personal web-mail account in the days prior to her resignation, including personal employee files of a number of her colleagues.
• We found that the mail bounces were caused by her web-mail account rejecting some of the huge zip files being sent to it on grounds of size and limited inbox capacity.
• We recovered web-mail communications between the employee and persons outside the company prior to the data theft discussing which documents might be of most value to them.
• These findings were made, and a report prepared, within 48 hours of taking the evidence into our possession.

 

Results:
• An injunction was obtained against the former employee preventing further distribution of information.
• A civil legal case has been initiated against the former employee seeking inspection of all her computers, as well as damages.
• The case has been referred to An Garda Siochana to determine if the theft of the data amounted to prosecutable criminal activity.

Comment:
Theft of information by departing employees has been a problem in Ireland for many years. Unfortunately, with the advent of large portable data storage devices, such as USB pens, it is fast becoming an epidemic. Consequently, if an employee with access to sensitive data leaves suddenly, or leaves for a competitor, it is strongly advisable to check that important information has not left with them.

Page Last Updated

Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/ie/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Get connected
Share your comments
More on Deloitte
Learn about our site