Former DuPont worker gets 18-month sentence for insider data thefts
Federal judge also orders scientist to pay $45,000 in fines and restitution
Computerworld - A former DuPont research scientist who admitted a year ago that he illegally accessed and downloaded confidential documents valued at close to $400 million while he worked at the company was sentenced yesterday to 18 months in prison.
A U.S. District Court judge in Wilmington, Del., also ordered Gary Min, the scientist, to pay a $30,000 fine and $14,500 in restitution to DuPont. The sentence is substantially less than the maximum of 10 years in prison and a $250,000 fine that Min could have received.
Min, who also uses the first name Yonggang, pleaded guilty last November to stealing trade secrets from DuPont. His guilty plea became public in February, when the U.S. attorney's office in Delaware officially unsealed court documents relating to the case. Min originally was scheduled to be sentenced on March 29, but the sentencing was delayed until this week.
Robert Kravetz, an assistant U.S. attorney in Delaware, said Min's sentencing was put off while prosecutors held about 10 debriefing sessions with him in an effort to "get a handle on all of the DuPont technology that he had access to" and how much of the downloaded information had been transferred to systems given to Min by the company he joined after leaving DuPont.
Kravetz called Min's sentence fair and said that the case shows why it's important for companies to quickly contact law enforcement authorities when data breaches occur. "DuPont reached out at the outset, and that ensured that none of the technology [data] was disseminated," he said. "What DuPont did here was a really good job."
Federal agencies such as the FBI and the U.S. Department of Commerce have investigative tools at their disposal that companies typically don't have, Kravetz added. As a result, they're in a better position to resolve cases such as the one involving Min, he said.
The DuPont case highlighted the security dangers that organizations can face from trusted insiders. Min started working at DuPont in November 1995 and focused mainly on research involving a certain type of high-performance film. Then, in June 2005, he started talking with a U.K.-based company called Victrex PLC about possible job opportunities in Asia, according to court documents.
Min accepted a job with Victrex in October 2005 but didn't notify DuPont that he would be leaving until that December. Court records show that during the time he was in discussions with Victrex and for two months after he agreed to join that company, Min used his privileged access at DuPont to download about 22,000 document abstracts from DuPont's Electronic Data Library (EDL) system and to view approximately 16,700 full-text PDF files.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Is SQL Server AlwaysOn really as powerful? Tips and Tricks from the field With the introduction of AlwaysOn, Windows Clustering Services is now more critical than ever. All Cybercrime and Hacking White Papers | Webcasts