Takeaway: Trade secret misappropriation may lead to extremely serious legal consequences, especially in terms of punitive damages.
In Epic Systems v. Tata Consultancy Services, a Western District of Wisconsin jury awarded Epic Systems close to $1 billion ($240 million for compensatory damages and $700 million in punitive damages) on state-law trade-secret misappropriation, breach-of-contract claims, unfair competition, and computer-fraud.
In 2011, Kaiser Permanente contracted with Tata Consultancy Services “TCS” to test a beta Epic Systems software. Once the testing was complete, a TCS employee was able to reactivate his account which was listed as “expired” rather than deactivated, and use it in 2013 and 2014.
“This is basically every CIO and CISO’s nightmare – unauthorized access to sensitive data and information by offshore contractors that are a direct or indirect part of their supply chain,” said Avivah Litan, vice president and distinguished analyst at Gartner Inc. in an email sent to the Wall Street Journal.
Tata employee Rajesh Gajaram had access to Epic’s UserWeb portal, according to court documents, and he testified that he shared his login credentials with three other Tata employees. At least one of the three employees testified that he downloaded documents form UserWeb and made them available to other team members. Over 6,000 documents and more than 1,600 files were downloaded between June 2012 to June 2014.
One of the main risks in cybersecurity is rooted in human error and, thus, humans remain to be the weakest link in cybersecurity.