Skip to main content

Addressing the IT security threat from within

The founder and former chief executive of Chesapeake, Aubrey K. McClendon, has been accused of stealing confidential company data during his last months on the job in order to launch his new oil and gas empire.

According to the civil complaint filed by Chesapeake, McClendon “misappropriated highly sensitive trade secrets from Chesapeake” and “subsequently used these trade secrets for the benefit of” a company he founded in 2013, American Energy Partners LP, reported Reuters.

In the suit, Chesapeake claims that McClendon asked his assistant to print maps and data, while McClendon also sent himself blind copies of the same documents at a personal email address during his last months at the company. The company says it discovered McClendon’s actions through a forensic analysis of his Chesapeake email account.

McClendon said in a statement that the lawsuit claims were “baseless”, and said his severance agreement with the company included “the right to own and use this information.” He said he intended to vigorously contest the lawsuit.

The founder also agreed to step down as CEO in January 2013, and is alleged to have begun moving data out approximately 36 hours after the announcement of his departure. Among the documents were “open acreage reports” about the Utica Shale formation, an oil and gas play in Ohio, and the reports,contain information about unleased land that the company was “pursuing and seeking to acquire”.

Sol Cates, CSO at data security expert Vormetric, said: “While news about the malicious hacking trade and the actions of elusive cyber criminals continue to storm the media headlines, it seems that all too often the security threat presented by those already ‘on the inside’ is frequently treated as an afterthought.

“Although specific details of this claim remain disputed, a clear message for the business community to take away today is that finances and reputation are not only threatened by cyber-attack campaigns or state-sponsored attacks – damaging breaches can be caused by a wide range of offenders who either maliciously or accidentally do things that put data at risk.”

Phil Beckett, partner at Proven Legal Technologies, said that the discovery of McClendon’s actions through a forensic analysis were well done, but preventative measures could have been taken to stop any data from being breached in the first place.

“Companies of all shapes and sizes, across all industries, must realise the implications of a data breach and should carefully monitor their communications systems as a first port of call. It is important to note that email is not the only medium that should be tracked; instant messages, chat and SMS messages could all equally contain sensitive information or data,” he said.

“As such, firms must keep a close eye on all these platforms. Any attempts to share sensitive data can often be spotted and prevented at an early stage through a careful combination of auditing, monitoring, and security processes. By adopting a more proactive approach, firms will be much better able to protect themselves from damaging data breaches when employees choose to move on.”

The post Former CEO accused of stealing mass of company data appeared first on IT Security Guru.