Table of contents
A Tampa Bay manufacturer is suing its former Vice President of Operations for allegedly accessing proprietary data after being fired, an incident that raises familiar concerns about insider threats and data security in cloud environments.
Coating Technology Inc., headquartered in Oldsmar, filed a federal complaint against Jesse French on June 20 in the U.S. District Court for the Middle District of Florida. The company alleges that French, after being terminated in March, used his old login credentials to access proprietary CAD files stored on the cloud platform Fusion360 for five and a half hours in May. At the time, French was working for a competitor.
Breached company claims damages
The lawsuit seeks damages under both the federal Computer Fraud and Abuse Act and Florida’s Computer Abuse and Data Recovery Act, citing damages stemming from employee time and forensic review. The company also claims French accessed sensitive designs used for machine-cut protective coatings applied to aircraft parts.
Without commenting on the particulars of this case, as it’s too early to know what the court will decide, unauthorized access is an attack vector that several ThreatLocker products can prevent.
Protecting against data breaches
These ThreatLocker products are designed to prevent breaches via unauthorized access.
Storage Control
With Storage Control, network storage locations hosting sensitive data can be limited to specific users or applications, or from machines running ThreatLocker.
Network Control
Network Control approaches protection from another angle. If the server hosting the application is running ThreatLocker, it can limit inbound traffic to specific IPs and ports, while blocking all other inbound sources.
Cloud Control
Cloud Control is a new product designed to prevent unauthorized access and token theft to Microsoft 365 hosted resources. Any ThreatLocker managed device will report it’sits IP to the ThreatLocker agent, which will then be added to a dynamic ACL, tied to a conditional access policy, to allow access to Microsoft 365 resources like SharePoint or OneDrive.
“In many cases like this, organizations only find out after the damage is done,” said Danny Jenkins, CEO of ThreatLocker, in a recent keynote. “The goal shouldn’t be to detect threats. It should be to prevent them.”
Coating Technology’s complaint underscores the financial and operational impact of post-termination access. The company alleges it was forced to conduct a damage assessment, review its systems, and take remediation actions after learning of the breach.
The case is still pending.
Want to learn how ThreatLocker protects environments?
Schedule a demo to see how a prevention-first approach can lock down your most valuable assets