Business Meeting

Case Study-
Internal Data Breach

A lawful permanent resident of the United States worked as a senior engineer and scientist at a U.S. company. The lawful permanent resident was a Chinese citizen who had spoken to others about his desire to return to China and his desire to advance his career and work on research projects related to the work he performed at the U.S. company. The Chinese citizen sought out research opportunities with several state-run institutions in China, including the Chinese Academy of Science (CAS) and an affiliate. Upon joining the CAS affiliate, the Chinese citizen agreed to substantiate his credentials by providing the director and one of its recruiters with some of the U.S. company's related to the technology the individual had been involved in developing. The documents were provided to the CAS affiliate under the guise of substantiating his credentials.

A month after retiring from the U.S. company, the Chinese citizen traveled to China to begin work for the CAS affiliate. His CAS research plan stated China could not process high-performance components, such as airplane wings and carrier aircraft tail hooks, as a result of its technology embargo. The Chinese citizen claimed by using Western companies' technology; his research project would increase China's independent ability, efficiency, and quality in key component manufacturing. He took with him to China his laptop and an external hard drive containing a significant amount of the U.S. company's highly sensitive, proprietary, and export-controlled materials—including data from projects outside his scope or access.

Upon his return to the United States from China, the Chinese citizen was in possession of several suspicious documents containing Chinese characters and $10,000 in cash. Weeks later, he tried departing the United States for China with export-controlled and proprietary documents.

Breach Vulnerabilities and Indicators:

The Chinese citizen was willing to provide controlled information to unauthorized personnel in an effort to advance his career.
As a result of the Chinese citizens' desire to assist his birth country, he was susceptible to being tasked by Chinese government agencies and state-owned enterprises.
Upon entering the United States from China, the Chinese citizen was carrying $10,000 in cash.
The Chinese citizen used a company-issued computer and hard drive to move highly sensitive, proprietary, and export-controlled materials to China.
The Chinese citizen did not notify his employer about his foreign contact with officials at the Chinese Academy of Science.

Circumstances that may render employees or companies more vulnerable to becoming threats to your business

  • Large ego driving an employee's sense of happiness
  • Divided loyalty to a country besides the United States
  • Inadequate corporate personnel policies and procedures
  • Failure to conduct in-depth background checks of companies and employees
  • Inadequate security procedures and training


A threat typically demonstrates one or more of the following indicators:

  • Working odd hours without authorization
  • Taking sensitive or confidential material home without permission
  • Requesting or otherwise attempting to obtain sensitive information without a need to know
  • Inappropriately seeking sensitive information directly from others
  • Bringing recording devices into work areas without approval
  • Unnecessarily photocopying, photographing, or downloading sensitive information
  • Taking short trips to foreign countries or a competitors city for unexplained reasons
  • Having unreported foreign contacts or conducting unreported international travel


There are steps organizations can take to identify and deter potential internal breach threats. Oferas Technologies offers these for information purposes only. Your individual company must assess applicability in terms of its own policies, processes, and legal guidelines.

  • Educate and regularly train employees on security policies and protocols.
  • Ensure proprietary information is carefully protected.
  • Employ appropriate screening processes when hiring new employees.
  • Develop strong risk management and compliance programs.
  • Provide nonthreatening, convenient methods for employees to report suspicious behavior, and encourage such reporting.
  • Monitor computer networks routinely for suspicious activities.
  • Ensure physical security personnel and information technology security personnel have the tools they need.
  • Ensure physical security personnel and information technology security personnel have the tools they need.
  • Ensure physical security personnel and information technology security personnel have the tools they need.
  • Ensure physical security personnel and information technology security personnel have the tools they need.