Recent United States Department of Justice (“DOJ”) indictments of Chinese hackers provide a reminder that trade secrets and other intellectual property stored on databases are attractive targets to bad actors. The DOJ announced that seven international defendants were charged in connection with computer intrusion campaigns impacting more than 100 victims in the United States and abroad.

The victims of the cyberattacks included software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments. The hacking facilitated the theft of source code, software code signing certificates, customer account data, and other valuable business information. These cyberattacks also enabled the defendants’ other criminal schemes, including ransomware attacks and “crypto-jacking” schemes, which involve the unauthorized use of victim computers to “mine” cryptocurrency.


Continue Reading DOJ Indictment of Chinese Hackers for Break-Ins at 100 Companies Reinforces The Importance of Protecting Trade Secrets and Implementing Security Protections

On May 22, the Eleventh Circuit clarified trade secrets misappropriation analysis under the Florida Uniform Trade Secrets Act (“FUTSA”), strengthening the trade secret protection offered by the statute. The decision vacated a magistrate judge’s finding that the defendants had not misappropriated trade secretes following a bench trial in the Compulife Software Inc. v. Newman et al. matter (No. 18-12004). The court found error in the magistrate’s failure to “consider the several alternative varieties of misappropriation” contemplated by FUTSA and the magistrate’s reasoning that the public availability of life insurance quotes on the plaintiff’s website “automatically precluded a finding that scraping those quotes constituted misappropriation.”

“At its essence, it’s a case about high-tech corporate espionage,” Circuit Judge Kevin C. Newsom’s opinion begins. The plaintiff, Compulife Software Inc. (“Compulife”), sells access to its online database of insurance premium information, which synthesizes publicly available insurers’ rate tables using Compulife’s proprietary method and formula. Compulife also provides life insurance quotes sourced from its online database. The database itself is valuable because it consistently updates with current information about life insurers’ rate tables and allows for direct comparison across dozens of providers. Compulife licenses access to the database to its customers—primarily insurance agents who in turn seek to provide reliable insurance rate estimates to policyholders. In direct competition with Compulife, the defendants likewise generate life insurance quotes through their various websites.


Continue Reading Eleventh Circuit Solidifies Protection of Trade Secrets Threatened By “High-Tech Corporate Espionage” Under Florida’s Trade Secret Law

The COVID-19 crisis has presented an array of novel issues for companies, including new and unexpected cybersecurity threats. In addition to the now well-known security limitations of video platforms such as Zoom, we are seeing cyber-attacks in the form of COVID-19 related phishing attempts and ransomware attacks. In at least some of these attempted hacks, cybercriminals are hoping to steal trade secrets.

  • Cybercriminals are taking advantage of the novel at-home working environment and the increased fear and uncertainty surrounding the pandemic to launch malware and phishing attacks related to COVID-19.
  • Employees may be more likely to click a link or open an attachment, even though they would never consider doing so in a normal situation at work.
  • Therefore, malware may pose more of a danger than it did when employees primarily accessed their email over their employers’ traditionally more protected systems.
  • Companies should consider putting employees on notice about the COVID-19 related phishing attempts and provide examples of common scams.


Continue Reading COVID-19 and the Unique Opportunity for Phishing

Companies and other organizations increasingly must face serious and complex threats to their business and infrastructure.  Whether the threat is trade secret theft, rogue insiders, cybercrime adversaries, aggressive competitors, or misconduct by business and supply chain partners, companies should remain constantly vigilant and defense ready. Adversaries, including especially cybercriminals operating exclusively in the digital domain, are often highly motivated, sophisticated, resourced, and innovative. The opaque, pervasive, and global nature of modern digital networked environments presents opportunities for criminals. The sophistication and relentless creativity of these bad actors pose significant challenges to companies and law enforcement agencies in being able to detect, assess, mitigate, attribute, and deter these threats. Because available tools and real-world practices to address these threats often outpace the law, companies are called upon to develop their own comprehensive approaches to investigate and remediate these forms of risk. In doing so, companies must be willing to assume a certain level of risk to effectively investigate and obtain sufficient insight to counter the problems.
Continue Reading Complex Threat Investigations: Tips for Investigating Trade Secret Misappropriation and Other Digital Crimes

The U.S. District Court for the Western District of Pennsylvania recently ruled that a forum-selection clause in a former employee’s non-compete agreement may bind their new employer for purposes of establishing personal jurisdiction.

Matthews International Corporation (“Matthews”), a manufacturer of cremation furnaces, filed an action in the Western District of Pennsylvania against former employees and two competitors, Implant Recycling, LLC (“Implant”) and IR Environmental Solutions, Inc. (“IR Environmental”), alleging misappropriation of trade secrets and unfair competition. According to Matthews’s complaint, its former employees saved confidential company information and trade secrets on their personal USB drives and emailed company files to themselves before leaving Matthews to join Implant or IR Environmental. These former employees were subject to non-competition agreements that required them to submit to personal jurisdiction in the Allegheny County Court of Common Pleas or the Western District of Pennsylvania.
Continue Reading Hirer Beware: Your Employee’s Non-Compete Agreement with their Former Employer May Determine Where You Can be Haled to Court

A New Mexico court of appeals recently held that a former employee could not be permanently enjoined from disclosing trade secrets because his employment agreement provided for a five-year limit on the duty of confidentiality.

Lasen, Inc. (“Lasen”), a company that uses trade secret helicopter-mounted LIDAR imaging technology to detect methane gas leaks in natural gas pipelines, sued a former research scientist who wrote the source code for the company’s signature technology. Lasen alleged that the former employee stole the source code and other crucial information as well as deleted Lasen’s copies following his termination in 2009. As a result, Lasen was unable to update its LIDAR technology because it could not decipher the source code. Lasen also alleged that the former employee used its trade secrets in seeking employment with a direct competitor. After a bench trial, the court found the former employee did not misappropriate Lasen’s trade secrets, but he did breach his fiduciary duty and wrongfully retained intellectual property and trade secrets that belonged to Lasen. Therefore, the court permanently enjoined the former employee from disseminating or retaining any of Lasen’s trade secrets (the parties had stipulated that the source code was trade secret).
Continue Reading Permanent Injunctions Restricting Use of Trade Secrets May Only Be as Permanent as an Employment Contract’s Provisions

On September 23rd, 2019, the District Court for the District of Colorado awarded Atlas Biologicals, Inc. a total of $2 million against Defendant Thomas Kutrubes and his company, Peak Serum, Inc. Kutrubes, a part owner and former employee of Atlas, was found liable for trademark infringement, misappropriation of trade secrets, and breach of fiduciary duty.

The United States District Court for the Northern District of Illinois recently unsealed a December 13, 2017 indictment of Chinese national, Xudong “William” Yao, who was charged with nine counts of trade secret theft. The charges stem from Yao’s theft of more than 3,000 files between September 2014 and February 2015, including trade secret information such as source code and technical specifications, from an unnamed suburban Chicago locomotive manufacturer. The stolen documents generally pertain to the Illinois manufacturer’s train control systems. According to the indictment, Yao began downloading files just two weeks after beginning his employment with the Illinois company and continued to download files while simultaneously negotiating for and accepting a job with a Chinese “provider of automotive telematics service systems.” He began working for the Chinese company several months after being fired from the Illinois company for reasons unrelated to the theft of documents, and Yao’s employer did not discover the theft until sometime later.
Continue Reading Criminal Prosecution of Chinese Trade Secret Misappropriation

On Wednesday, May 15th, President Trump declared a national emergency via executive order over threats against American technology. The order authorized Department of Commerce Secretary Wilbur Ross, in consultation with various other agency heads to block transactions involving information or communications technology posing an “unacceptable risk to the national security of the United States.”

The

On May 10, 2019, the Delaware Chancery Court issued an opinion adopting a “narrow approach” in interpreting Section 1030(a)(2)(C) of Computer Fraud and Abuse Act (CFAA). Section 1030(a)(2)(C) imposes liability on a person who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains… information from any protected computer.” 18 U.S.C. §