Data Breach Response & Investigative Services

Employee Data Theft Investigations

Suspect Employee Data Theft? Call in the Cyber Sleuths

While employee data theft can happen at any time, it occurs most frequently just prior to, or immediately after, an individual’s termination or resignation from an organization. Motives for data theft include setting up a competing business, using the information at a new job, a sense of ownership of what was created, and revenge against the employer, among other things.

The most commonly stolen intellectual property and trade secrets include:

  • Customer information
  • Financial records
  • Software code
  • Email lists
  • Strategic plans
  • Process documents
  • Secret formulas
  • Databases
  • Research and development materials
  • Employee records

Read more

Technology is making employee data theft both easier to accomplish and harder to detect. For example, a small 16GB USB flash drive can hold thousands of Microsoft Office documents that can be quickly copied from a work computer and taken anywhere. Other tools such as Dropbox, remote desktop connections, personal email accounts, smartphones, CDs/DVDs, and File Transfer Protocol (FTP) sites are also commonly used to steal company data.

Employees who steal data often leave a trail of digital evidence that proves invaluable when investigating data theft. Computer forensics experts may be able to uncover important evidence, such as:

  • Identifying recently attached storage media such as USB thumb drives
  • Locating recently accessed files and documents
  • Isolating emails sent to public email accounts like Gmail or Yahoo
  • Determining recent internet activity
  • Establishing days and times of remote connections
  • Recovering text messages, emails, call logs and other data stored on a smartphone

Avoid Destroying Important Electronic Evidence with These Steps

If you are concerned a departing employee may have stolen proprietary data, or corporate data theft, one of the first things you should do is quarantine the computer. If the computer is powered on, then leave it on because significant evidence may be stored on the computer’s random access memory (“RAM”) and may be deleted if the computer is powered off. If the computer is already turned off, then place it into secure storage.

In addition, do not let your IT staff reinstall the operating system or give the computer to someone else to use because it could destroy/overwrite any evidence of wrongdoing. Finally, resist the temptation to “take a peek” at what is stored on the computer by turning it on and accessing files. This simple act will destroy valuable evidence. You’ll know soon enough once we’ve completed our investigation and provided you with a report and complete analysis.

These days, many employees also have company-issued cellphones, tablets, or laptops. If the suspected employee has any of these devices, then also place them in secure storage. Smartphones have an abundance of useful information such as text messages, emails, call logs, internet activity, and more. The simple act of resetting the phone, however, can permanently destroy this data.

If you suspect employee data theft, it is imperative that you call a computer forensics expert for immediate assistance. Our team is adept at preserving evidence and maintaining chain of custody so that our findings are admissible in a court of law. This is a crucial step when investigating employee data theft because electronic evidence will be essential when seeking an injunction or pursuing litigation.

Getting Started

The cybersecurity assessment provides a road map for improving data privacy. To request a quote or to learn more, please call our cybersecurity team at 1-877-840-4357.

Learning Center

Stay up to date with TCDI. Learn more about important topics, find out about webinars, and get updates on what's happening.

Jun 16, 2020   Blog
Jun 03, 2020   Case Study
Jun 01, 2020   Case Study