Proving that data had been purloined

The problem

Company A was losing customers to its main rival, B-Co. One of A's leading salesmen had recently left the company to take up a post with B-Co., and A's managing director suspected that his ex-employee was using A's customer database to poach A's customers.

A's solicitor contacted us to see if we could help.

How we helped.

Fortunately, Company A had not re-assigned the ex-employee's laptop computer to another member of staff, so it was still in the state it had been on his last day. We took custody of the computer and treated it to a full forensic examination - this involved producing a copy of the hard drive, using methods which copy absolutely everything including deleted data and hidden files, and then examining it using specialist methods.

Two things became apparent.

Firstly, the ex-employee had accessed the customer database once a week until the last 2 weeks of his employment when the access rate increased to 2 or 3 times a day. In itself, this was unusual enough to raise suspicion - but the company didn't have a system which would have detected this change in patterns of normal activity. It also looked like the ex-employee had been downloading .CSV files from the database : something he didn't need to do for his usual day to day tasks.

Secondly, in the same 2 week period, at least 4 new USB storage devices had been attached to the laptop (one of them was faulty - we could tell from the traces left behind that Windows couldn't access it properly) and we had the make and model of each one. None of these were devices which had been issued by the company.

Our opinion

Based on the data we found, we considered that it was more likely than not that the former employee had deliberately downloaded copies of the customer database and copied them onto USB memory sticks in order to take them to his new employer.

The result

Company A's solicitor elected to write a "cease and desist" letter to B-Co., informing them of the ex-employee's actions and requesting that they stop using the misappropriated customer data immediately. B-Co. complied and Company A's losses were halted. A financial settlement was, we understand, agreed out of court and the ex-employee was disciplined by his new employer.

Cost to the client ?

About 2-3 days of our time, which was recouped via the settlement and the ability to continue trading.

If you have a similar problem, please contact n-gate ltd. now.