Former DuPont worker gets 18-month sentence for insider data thefts

Computerworld - A former DuPont research scientist who admitted a year ago that he illegally accessed and downloaded confidential documents valued at close to $400 million while he worked at the company was sentenced yesterday to 18 months in prison.

A U.S. District Court judge in Wilmington, Del., also ordered Gary Min, the scientist, to pay a $30,000 fine and $14,500 in restitution to DuPont. The sentence is substantially less than the maximum of 10 years in prison and a $250,000 fine that Min could have received.

Min, who also uses the first name Yonggang, pleaded guilty last November to stealing trade secrets from DuPont. His guilty plea became public in February, when the U.S. attorney's office in Delaware officially unsealed court documents relating to the case. Min originally was scheduled to be sentenced on March 29, but the sentencing was delayed until this week.

Robert Kravetz, an assistant U.S. attorney in Delaware, said Min's sentencing was put off while prosecutors held about 10 debriefing sessions with him in an effort to "get a handle on all of the DuPont technology that he had access to" and how much of the downloaded information had been transferred to systems given to Min by the company he joined after leaving DuPont.

Kravetz called Min's sentence fair and said that the case shows why it's important for companies to quickly contact law enforcement authorities when data breaches occur. "DuPont reached out at the outset, and that ensured that none of the technology [data] was disseminated," he said. "What DuPont did here was a really good job."

Federal agencies such as the FBI and the U.S. Department of Commerce have investigative tools at their disposal that companies typically don't have, Kravetz added. As a result, they're in a better position to resolve cases such as the one involving Min, he said.

The DuPont case highlighted the security dangers that organizations can face from trusted insiders. Min started working at DuPont in November 1995 and focused mainly on research involving a certain type of high-performance film. Then, in June 2005, he started talking with a U.K.-based company called Victrex PLC about possible job opportunities in Asia, according to court documents.

Min accepted a job with Victrex in October 2005 but didn't notify DuPont that he would be leaving until that December. Court records show that during the time he was in discussions with Victrex and for two months after he agreed to join that company, Min used his privileged access at DuPont to download about 22,000 document abstracts from DuPont's Electronic Data Library (EDL) system and to view approximately 16,700 full-text PDF files.