The investigation into data theft at an international office of a US-based firm.

Jurisdictions involved in this assignment

UK and USA

The business and background 

The IT team of a US-based law firm had noticed that a large amount of data had been downloaded from a shared server by an employee of the UK office. The client had suspicions that the data may have been downloaded to facilitate the creation of a competing business in Europe.

What we did

Once defensible copies of the data had been created, the data was uploaded to the ‘Reveal-Brainspace’ eDiscovery document review platform to facilitate standard and complex data searching techniques. 

In addition, one of the team performed a more surgical investigation into the laptop and mobile phone to see if data had been deleted or copied to further devices (showing evidence of access, and of potential intent to use the data).

The client and their lawyers asked our team to provide reports of suspicious activity (access, copy, delete) from the items. In addition, we were asked to further segment the collected data via keywords and utilize the more sophisticated features such as ‘Sentiment Analysis’ to assist the lawyers with creating a case for intent to create a competing business.

The outcome

Significant evidence of data copying/exporting was found on the company laptop (UK Head of Operations), and the individual admitted that they were planning on leaving the company and setting up a competing business. Following this, we were then tasked with wiping company confidential information from multiple devices (laptop/mobile phone). It was decided that the individual would leave the company and sign a compromise agreement stating that they had no access to any further company information, which forbid them from creating a competing business.