US chipmaker Intel is investigating a security breach of 20 GB of internal documents classified as “Confidential” or “Restricted Secret” uploaded on file-sharing site MEGA.The data was published by Till Kottmann, a Swiss software engineer, who claims to received files from anonymous person. The cybersecurity experts highlight the danger of using third party services.
While this appears to be an issue related to a third party, it does underline the security concerns around intellectual property when working with business partners both up and down the supply chain. There is always a risk when sharing potentially sensitive information to these business partners, however, this is often an unavoidable part of doing business.
Intel appears to have quickly traced the source of the information and I have no doubt, will be taking steps to review access and logs as they seek to identify the source of this data.
While we often think of data breaches in the context of customer data lost and potential PII leakage, it is very important that we also consider the value of intellectual property, especially for very innovative organisations and organisations with a large market share. This intellectual property can be very valuable to potential competitors, and even nation-states, who often hope to capitalise on the research and development done by others.
Whenever providing intellectual property access to another organisation or individual, it is important to log not only who has access, but when and what data they are accessing. Even better, as in this case with Intel, ensuring that you know where the documents have been shared by potentially marking the document itself, can be very valuable when hunting potential misuse as appears to have occurred here.