Blog

What We Can Learn from Coca-Cola’s Insider Trade Secret Theft

What We Can Learn from Coca-Cola’s Insider Trade Secret Theft

Your business’ data is perhaps its most crucial resource—which is why it is so important that it remains protected against all threats (including those that come from within your own business). Consider, for a moment, the ongoing trial of Xiaorong You, going on in Greenville, Tennessee. Accused of stealing trade secrets and committing economic espionage, You allegedly stole various BPA-free technologies from various companies—including Coca-Cola and the Eastman Chemical Company, amongst others—to the tune of $119.6 million.

Let’s consider how the implementation of insider threat detection methods could have minimized the damages that You allegedly inflicted on these companies.

You’s Story

Xiaorong “Shannon” You, a naturalized US citizen and PhD in Polymer Science and Engineering, has worked in the industry since 1992. From December of 2012 to August of 2017, she worked for Coca-Cola as a principal engineer for global research, moving to the Eastman Chemical Company to work as a packaging application development manager from September of 2017 until June of 2018, when her employment was terminated.

During her tenure at both companies, You had access to secrets that a limited number of employees were privy to. In the case of Coca-Cola’s secrets, You had retained them (despite affirming that she hadn’t in writing) and submitted them to the People’s Republic of China as part of her application for the country’s The Thousand Talents program in 2017. This program has been used before to introduce advanced technologies to China, with the Department of Justice having had some success in prosecuting these cases.

What Xiaorong You Allegedly Did

According to the case that You now faces, she retained this information by simply uploading data to her personal Google Drive account—or when dealing with particularly sensitive documents and physical lab equipment, she simply used her smartphone’s camera to capture images (bypassing the scrutiny of her employers’ information security teams). Once she had secured this information, You worked with a Chinese national named Xiangchen Liu to form a company in China that would use these trade secrets to generate its own profits, using an Italian BPA-free manufacturer to incorporate the stolen technologies onto their own products.

The theft of this technology has had an impact on various companies, including Coca-Cola and the Eastman Chemical Company, as well as AkzoNobel, Dow Chemical, PPG, TSI, Sherwin Williams, and ToyoChem.

Originally brought up on charges involving the theft of trade secrets in Tennessee’s Eastern US District Court in February of 2019, You was subject to another indictment in August 2020 that filed charges of economic espionage.

How You’s Employers Could Have Stopped Such Activities

Let’s take another look at some of the dates we just went over:

You’s employment at Coca Cola ended in August of 2017, while her indictment for crimes that allegedly took place during her time there didn’t happen until February of 2019. This suggests that the discovery of her activities at Coca-Cola didn’t occur until long after the fact.

This fact is indicative of two reasonable hypotheses:

  1. Coca-Cola lacked the tools to detect such activities in real-time, making it far more difficult to prevent protected and sensitive data from successfully leaving the corporate environment.
  2. Coca-Cola also lacked the policies that could have prevented non-authorized devices from entering the workspace or otherwise being kept in proximity to sensitive company data or infrastructures. While old-fashioned, the concept of taking photographs of such information is no less effective for its age.

By comparison, You’s considerably rapid termination from the Eastman Chemical Company would suggest that their data protection standards were much more robust than Coca-Cola’s were at the time, enabling the company to identify a security issue and properly investigate it much faster.

Just imagine how much the total damages—which now equate to about $119.6 million, as a reminder—could have inflated if Eastman Chemical weren’t able to catch You’s alleged activities so quickly.

It unfortunately goes to show how anyone given the opportunity in tandem with the right motivation—in this case, recognition and financial windfall—could become a serious threat to any company’s data. This means that every company should have the tools in place to prevent these activities as often as possible, as well as the means to catch them if they are to take place.

White Mountain IT Services is here to help facilitate that. Our remote monitoring and management services can help catch any suspicious activity on your business’ network, preventing both internal and external threats from taking root. We can also help keep your data on a need-to-know basis, preventing more data leaks—accidental or otherwise.

Learn more about how our solutions can assist you by calling 603-889-0800 today.

By accepting you will be accessing a service provided by a third-party external to https://www.whitemtn.com/

Related Posts

Millions of people find themselves sitting in front of a computer moving files around and corresponding with people over the phone, through email, or updating info in the company’s line of business app. What many of them don’t know, however, is that,...
Last weekend saw a significant cyberattack waged against the world’s largest meat processor and distributor, JBS S.A., that completely suspended the company’s operations in both North America and Australia… and as a result, has impacted the supply ch...
Facebook is many people’s favorite—or at least most used—app and it does bring value to people by letting them keep tabs on friends and family, or grow their businesses. It has grown to be one of the largest, most successful software technology compa...
We always picture hackers as these foreboding, black-clad criminals, smirking through the shadows cast in their dark room by their computer monitor. Hardened, uncaring individuals who don’t go outside very often, staring at code as if they were able ...
It is only too common for people to have very different personalities in the office as they do during their off hours, with different standards and practices to suit them. While there is absolutely nothing wrong with that on the surface, you need to ...
Ransomware has been a real problem for the past several years. Once known for breaching networks directly, the establishment of uncrackable encryption left hackers looking to change their strategies. Today, they use scams to get people to give them a...
Most businesses have compliance regulations they need to meet. 2021 is becoming somewhat of a tipping point for some. Companies are dealing with the development of new data privacy laws that will surely add some responsibilities on top of already est...
Because of the protection it can offer your organization, data backup is a necessary tool for you to have—that is, provided it has the requisite security and reliability you’ll need should you ever have to lean on it. Let’s go over a few guidelines t...
We typically like to remind people as much as we can of the importance of staying up-to-date with your organization’s cybersecurity. There are plenty of things you can do to strengthen your grip on your network. This month we thought we’d go over som...
Nothing will annoy tech-savvy people more than listening to someone that basically doesn't know what they are talking about, but uses technology jargon to seem like they do. It’s pretty confusing for the non-technical too. This annoyance is largely d...
Gmail has proven to be as secure as most other email platforms, but email is email and there are times when you send an email that isn’t opened promptly and you’d rather not have the information in that message get sent around or archived where you c...
Healthcare is a hot-button issue regardless of where you live. As a result you’d think that the industry would be one of the first to implement new information technology. Unfortunately, the healthcare industry has sometimes lagged behind other indus...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our office in NH.  For locations outside of our service area, we will manage a local vendor to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

White Mountain IT Services
33 Main Street, Suite 302
Nashua, New Hampshire 03064

 

603-889-0800

map nashua4 1

 

Open Positions