Tatianna Harris
Apr 8, 2024

Insider Threats Exposed: Overview of Q1 2024 Data Leaks and Breaches

The first quarter of 2024 saw significant information and communication leaks across major corporations in various industries, bringing into focus the hard reality: information is as vulnerable as it is valuable.

The first quarter of 2024 saw significant information and communication leaks across major corporations in various industries, bringing into focus the hard reality: information is as vulnerable as it is valuable. From inadvertent disclosures to calculated theft, these incidents not only jeopardize confidential and proprietary data and strategic business advantages, but they also shake consumer confidence and trust. Even when robust cybersecurity measures and in-place with some form of insider threat management, a culture of security and confidentiality only go so far without saboteurs thinking they will be caught. These incidents serve as a wake-up call, emphasizing that data security is not just an IT issue, but a responsibility for anyone dealing with sensitive information.

January 2024 Business Leaks

  • Mercedes' employee accidentally "Benz" privacy rules - Employee’s accidental leak of an access token to GitHub exposed the company's intellectual property and allowed for unrestricted access to proprietary source code.
  • Google "jobs hiring in my area" - Internal memos from Google CEO, Sundar Pichai, were leaked to The Verge about what goals Google is planning to accomplish this year, and for employees to expect another round of layoffs.
  • Time to Stitch and Fix Your Resume - Stitch Fix CEO, Matt Baer’s internal email announcing the elimination of full time stylist positions and appointments of new C-Suite positions, was shared, undermining Baer’s new “transformation” efforts. 
  • Bitcoin surge? - An insider leak revealed that BlackRock was prepared to launch a substantial $2 billion investment in a Bitcoin spot exchange-traded fund (ETF) if it gains approval, contributing to a significant surge in Bitcoin's price.

February 2024 Data Leaks

  • Amazon layoffs strike, again - In a leaked email from Amazon Health Services, sent to Business Insider, employees were told not to worry about rumors of layoffs. Amazon’s healthcare arm, One Medical, has underperformed the last two years, and employees were concerned about getting the axe. This coming just months after layoffs struck Amazon’s gaming division. No wonder people are nervous…
  • iSoon contractor spills the tea on Chinese hacking - Leaked documents from the Shanghai-based iSoon, a hacking contractor for the Chinese government, reveal a discontent workforce with successful operations against regional governments and potentially NATO. The documents, including technical details and employee grievances, are part of what gets sold in hacking and data-gathering services to the Chinese government, security groups and other state-owned enterprises around the world. The implications of these collaborations between private contractors and state hacking initiatives is unsavory to say the least.
  • Ontario Power Generation - A former nuclear power plant operator, James Mousaly, was arrested for stealing safeguarded information from the Canadian facility and charged under the Security of Information Act for the potential to harm Canada with the unauthorized disclosure.

March 2024 Insider Leaks

  • Meta's Private Data Fight - Meta is suing a former vice president, Dipinder Singh Khurana, alleging he stole proprietary data about the company's top performers and certain supply chain partners, taking that confidential information to a new startup. Violating his contract and California’s Computer Data Access and Fraud Act, Meta is seeking damages, disgorgement of profits, and other remedies. Currently none of the allegations have been proven in court.
  • J&J vs Pfizer Pharma Giants Face Off - Johnson & Johnson sued former employee Andrew Brackbill for allegedly downloading over a thousand sensitive files before resigning and then accessing this information at his new position at Pfizer. Brackbill, who had worked at J&J for 24 years, was accused of transferring confidential strategy documents, sales data, and more, under the guise of personal files. His role at J&J involved developing competitive strategies, and his new position at Pfizer is considered directly competitive. This rivalry could mean heavy repercussions for breaching confidentiality within the pharmaceutical industry

First Quarter Wrap-Up

Insider threats are a significant and growing challenge for organizations, as made clear by the recent case involving the accused former Meta executive. The taking of confidential and proprietary information is not an uncommon situation, especially within enterprises. Adequately protecting proprietary information and intellectual property is a prominent issue that we're actively solving at EchoMark. The stark reality of what businesses face today regarding data security and insider threats highlights the need to safeguard sensitive information against unauthorized transfers.

Whether or not there's a breach of legal contract, the misconduct is a blatant misuse of privileged access and a breach of professional expectations and conduct. Actions that involve unauthorized sharing of sensitive information not only breach trust but also undermine the very foundation of an organization's integrity and security. Recognizing that incidents like these are not isolated and can have far-reaching consequences for any organization, we are dedicated to developing solutions that help organizations safeguard their proprietary information against such insider threats, focusing on accountability, prevention, and rapid response.

Is someone currently sabotaging your business? Experience EchoMark for free to start securing your business documents, emails, and more.