Corporate Espionage By Management Creates Risks For Executives And Board Members

Following the filing of a five-count criminal information against Ticketmaster, alleging conspiracy to commit computer intrusion, computer intrusion of a protected computer, computer intrusion in furtherance of fraud, wire fraud conspiracy, and wire fraud, the company has entered into a plea agreement with federal prosecutors in Brooklyn, New York to pay $10 million in fines to resolve those charges.

According to an acting U.S. Attorney, Ticketmaster employees repeatedly and illegally accessed a competitor's computers without authorization, using stolen passwords to unlawfully collect business intelligence.

The investigation found that an individual bad actor worked for Ticketmaster's competitor, Live Nation, in 2013 as a consultant. He was later hired full-time by Ticketmaster in 2014.

The consultant/employee kept access to usernames and passwords belonging to Live Nation and, between 2013 and 2015, used them without authorization to access Live Nation's systems while working for Ticketmaster.

The employee was terminated from Ticketmaster in 2017 and pled guilty in federal court in 2019 to one count of conspiring to access protected computers without authorization and conspiracy to commit wire fraud. He is awaiting sentencing.

Moreover, investigators found Ticketmaster employees and executives held a division-wide summit during which the stolen passwords were used to access Live Nation's company's computers for use in strategy presentations for senior Ticketmaster executives. One Ticketmaster executive described the use of the stolen information as a way to "choke off" the victim company and "steal back" one of its clients. "Ticketmaster to pay $10 million in fines after admitting to illegally accessing competitor's computers" www.wraltechwire.com (May 03, 2021).

Commentary

According to Verizon’s 2020 Cyber-Espionage Report, the most prevalent type of corporate data breaches between 2014 and 2020 included cyberespionage, ranked sixth at 10 percent, and Privilege Misuse, which ranked fourth at 11 percent, though because cyber-espionage as a motive can be difficult to quantify, the numbers may be much higher.

In the case of Ticketmaster, corporate leadership knowingly used the stolen information to gain an advantage over its competition and then promoted the employees who broke the law.

Instances of corporate cyberespionage pose multiple risks to corporations, not only in terms of actual losses of proprietary research and development and patent violations but cause increased leadership and board legal exposure from shareholder suits.

For example, in 2011, shareholders in News Corp filed suit against the company's chairman and CEO, and other board members over allegations of suspected corporate espionage that occurred more than ten years earlier when two of its subsidiaries were accused of stealing computer technology and hacking into competitor’s business plans and computers.

In 1995, a Lockheed engineer conspired with a Boeing executive to provide Boeing with details of Lockheed’s bid presentation intended to win defense contracts with the U.S. Air Force that both companies were vying for. The Lockheed employee was given a job with Boeing after it won several contracts using the stolen information. Ultimately, the scheme was uncovered when other Boeing employees noticed the engineer, now employed by Boeing, possessed a binder full of proprietary Lockheed information.

The Air Force canceled several Boeing contracts, worth $700 million, and awarded them to Lockheed. The engineer and the Boeing executive who hired him were both fired and were subjected to criminal investigations. Dozens of employees were laid off when Boeing lost the Air Force contracts. Boeing’s CFO was implicated, fired, and sentenced to prison. Several shareholder suits against Boeing were filed.

Corporate leadership and boards of directors should be wary of the sources of information they rely upon and institute due diligence procedures to verify the legality and authenticity of the information.

Finally, your opinion is important to us. Please complete the opinion survey: