Update: SunPower lawsuit highlights insider threat

Solar panel manufacturer is newest victim of old problem

A lawsuit filed in federal court in California offers another reminder of how malicious insiders pose an often-underestimated threat to corporate data and intellectual property.

SunPower Corp., a publicly traded San Jose manufacturer of solar panels, has sued five of its former employees for stealing proprietary information from the company and using it to benefit a rival firm.

The five are accused of connecting personal USB storage devices to SunPower systems and stealing the data around the time they were leaving the company last year. SunPower did not notice the theft until December, when one of the former employees was caught attempting to use his email account, one month after he had left the company.

The lawsuit was filed in U.S. District Court for the Northern District of California.

Also named in the lawsuit for knowingly accepting the stolen data is SolarCity, the rival firm that now employs the five former SunPower employees.

In a statement, SolarCity did not directly comment on the lawsuit. Instead, it said it takes trade secret issues "very seriously" and that it would act in accordance with the law.

"SolarCity's commercial market share has grown significantly in the past few years and this growth threatens SunPower," the company said. "Over the past few months, following its acquisition by a foreign oil company, a number of SunPower's best salespeople decided to join SolarCity.

"SolarCity's work environment and leading service offers are attracting some of the best people in the industry to the company," SolarCity said in its statement. "SunPower is apparently taking exception to that."

In its complaint, SunPower alleged that a former managing director of SunPower's east coast operations and four other relatively senior employees stole tens of thousands of files from company servers and from its Salesforce.com database.

According to SunPower, the files included quotes, deals, proposals, contracts, market analyses and business analysis data. The employees are also alleged to have stolen customer contact information and information on previously sold products, and potential new clients.

The stolen information included data on customers who had accounted for some $100 million in sales for SunPower in 2011. SolarCity did not immediately respond to a request for comment.

Such insider theft is not uncommon. Over the past few years, there have been numerous cases where insiders with privileged access to corporate networks and systems have misused that access to steal data.

According to research released by Symantec in December, the majority of IP theft is committed by male employees who average about 37 years old and are most often serving in technical positions such as engineers, scientists, programmers and managers.

In about 65% of the cases, employees who commit such theft have already secured a new job with a competing company while about 20% are recruited by an outsider looking to steal specific data. More than half steal data within a month of leaving their old job.

In more than half the cases, the data stolen involves business information such as billing data, customer data, price lists and business plans the malicious insider is authorized to access.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Copyright © 2012 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon