Former employees accused of exploiting access to steal company data

When you leave a job, you take your skills. But what if you take your former company’s digital crown jewels? That’s the question at the center of a real-life legal fight between rivals Fire Security Electronics & Communications Inc. (FSEC) and Adanac Fire Protection Inc.

A federal lawsuit filed in the U.S. District Court for the District of Arizona, Phoenix Division highlights how quickly sensitive business data can be taken and used by competitors if the right cybersecurity protections aren’t in place.

FSEC, a 40-year-old business with offices in Phoenix and Tucson, alleges that several former employees conspired with Adanac, a direct competitor, to improperly access and download proprietary information after leaving the company.

Alex Benton, a special projects engineer at ThreatLocker, said, “We've seen too many breaches that make use of improperly offboarded employee credentials. Companies need to be increasingly vigilant in monitoring the accounts their employees use. Suspicious activity to look out for includes: many failed login attempts, many password resets, or logins form vastly different geographical locations.”

FSEC designs, engineers, and installs integrated life-safety and low-voltage systems—fire alarms, security, access control, CCTV, intercoms, and more—for commercial, industrial, municipal, and educational clients across the state.

The complaint, filed in December 2023 and later amended in January 2025, asserts violations of the Computer Fraud and Abuse Act, the Defend Trade Secrets Act, and Arizona’s trade secret laws, among other claims. The defendants deny wrongdoing.

Alleged misuse of logins and portals

Filings show FSEC operates two secure digital platforms—Building Reports and Service Trade—that store customer details, inspection records, pricing, proposals, and other business-critical data.

According to the filings, multiple defendants allegedly:

• Logged in after resignation or while on leave using their own or others’ credentials.

• Accessed and downloaded thousands of reports and proposals.

• Shared credentials among co-workers and with employees at Adanac.

• Used IP addresses linked to Adanac’s offices to log in to FSEC systems.

FSEC claims this activity allowed Adanac to target its customers and employees, causing more than $1 million in losses.

‍

How Zero Trust could have prevented the breach

The allegations center on former employees using valid login credentials to access sensitive company portals, sometimes from competitor-owned networks and devices.  

ThreatLocker could have blocked this activity at multiple points.

Storage Control could have stopped large-scale exfiltration of inspection reports by controlling what devices, users, or locations could save or transfer files. Download attempts to unapproved drives or cloud storage accounts would have been blocked.

Network Control could have limited access to shared storage at the network level to internal IP addresses or those within a VPN’s IP space.

Cloud Control could have restricted access to company hosted resources from unmanaged devices, ensuring that only managed devices were allowed access while blocking all others.

Preliminary court orders

In February 2024, the court issued a preliminary injunction restricting certain defendants from using or benefiting from FSEC’s confidential information.

Why those court orders matter

If the injunction and protective order hadn’t been in place, the lawsuit itself could have become another channel for exposing FSEC’s most sensitive information. Court intervention limited that risk. Here’s how the court’s action prevented that:

• Access locked down: Defendants were barred from using or benefiting from FSEC’s confidential information. That prevented operatives and competitors from continuing to mine the data under the cover of legal filings.

• Forensic safeguards: Every device, drive, and online account potentially containing FSEC data had to be handed over to a neutral forensic firm. System imaging had to precede deletion. The court ensured data integrity and blocked evidence tampering.

• Controlled disclosure: Sensitive documents are now classified under “CONFIDENTIAL” or “FOR COUNSEL ONLY.” Only vetted individuals can view them, and only for use within the litigation—not as a business weapon.

In litigation involving trade secrets or strategic data, absence of these orders can turn the courts into a conduit for exposure—where opposing parties mine filings to extract intelligence.

A cautionary parallel

In Allstate Ins. Co. v. Cruz, Allstate sued a former agent for misappropriating client information. However, the litigation didn’t include—or enforce—a protective order. As a result, some of that sensitive material risked being exposed through discovery and court filings, leading to contempt proceedings and complicating the case resolution.

That scenario shows how litigation without confidentiality controls can amplify the very harms a company seeks to block.

Why this matters for companies

This lawsuit shows how fast insider access can turn into a competitive threat if credentials are not immediately revoked and monitored after employment changes. It also illustrates:

• How trade secrets can include operational details stored in routine digital tools.

• The value of forensic readiness—having the ability to trace access patterns and link them to individuals.

• The importance of layered internal policies, employment agreements, and technology controls to limit both authorized and unauthorized use of data.

Even without a breach by outsiders, companies face significant risk from trusted insiders who still have access to sensitive systems.

Learn more about ThreatLocker solutions

Talk to a ThreatLocker specialist and book a demo customized to your environment and needs today. Available in all time zones!