This is a great example of a situation where an employee had illegal access to corporate email – how it happened, the impact it had, and what you can do to prevent it from happening in your own business.
Employee A was under performance scrutiny. This employee sat next to an in-house recruiter who negotiated new-employee hires.
When Employee A was let go for performance issues, he filed an EEOC (Equal Employment Opportunity Commission) claim against the company and threatened civil litigation citing an email exchanged between the in-house recruiter and the hiring manager.
To the best of the company’s knowledge, Employee A was not addressed or copied on the email cited in the EEOC claim. IT Acceleration was engaged to figure out how the employee ended up having access.
How It Happened
The first thing we did was preserve a copy of all the ex-employee’s emails. We then went through every folder trying to find the email in question, including deleted folders.
We did not find the email in the inbox, but we did find a copy in Employee A’s deleted folder. The email had a time stamp indicating it first landed in Employee A’s inbox on a specific date at around 8:00 in the morning. We interviewed the recruiter to find out where she was on that date, at that particular time, and the recruiter said she “typically did not arrive to work until 9:00 am or after”.
The recruiter’s computer did not have a password-protected screen saver and was usually left on overnight. We searched the recruiter’s sent folder and saw that the email referenced in the EEOC claim had been forwarded to Employee A on the exact same date, and at the exact same time, as the email in his deleted folder.
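The correlation described above (matching the copy in Employee A’s deleted folder to the forward in the recruiter’s sent folder, then comparing the send time with the recruiter’s usual arrival time) can be scripted over exported mailboxes. This is an added example, not the tooling used in the engagement; the messages, addresses, dates and the `correlate_forwards` helper are constructed for illustration.

```python
from datetime import time
from email import message_from_string
from email.utils import parsedate_to_datetime

def _msg(mid, to, date, subject):
    """Build a constructed RFC 5322 message (sample data, not from the case)."""
    return (f"Message-ID: <{mid}@corp.example>\nFrom: recruiter@corp.example\n"
            f"To: {to}\nDate: {date}\nSubject: {subject}\n\nbody")

# Constructed export of the recruiter's sent folder.
SENT_FOLDER = [
    _msg("a1", "employee.a@corp.example", "Tue, 04 Mar 2014 08:02:11 -0500", "FW: Offer terms"),
    _msg("a2", "manager@corp.example", "Tue, 04 Mar 2014 10:15:00 -0500", "RE: Offer terms"),
    _msg("a3", "employee.a@corp.example", "Tue, 04 Mar 2014 14:30:00 -0500", "Lunch order"),
]
# Constructed export of the ex-employee's deleted folder.
DELETED_FOLDER = [
    _msg("a1", "employee.a@corp.example", "Tue, 04 Mar 2014 08:02:11 -0500", "FW: Offer terms"),
]

def index_by_id(raw_messages):
    """Map Message-ID -> parsed message; the ID is identical in sender and recipient copies."""
    parsed = (message_from_string(raw) for raw in raw_messages)
    return {m["Message-ID"].strip(): m for m in parsed if m["Message-ID"]}

def correlate_forwards(sent_raw, recipient_raw, recipient_addr, usual_start=time(9, 0)):
    """List mail sent to recipient_addr, flagging copies found in the recipient's
    folder and sends made before the mailbox owner's usual start of day."""
    received = index_by_id(recipient_raw)
    findings = []
    for mid, msg in index_by_id(sent_raw).items():
        if recipient_addr.lower() not in (msg["To"] or "").lower():
            continue
        sent_at = parsedate_to_datetime(msg["Date"])  # keeps the sender's UTC offset
        findings.append({
            "message_id": mid,
            "subject": msg["Subject"],
            "sent_at": sent_at.isoformat(),
            "in_recipient_mailbox": mid in received,
            # Wall-clock time at the sender, compared with the interview answer.
            "before_usual_start": sent_at.time() < usual_start,
        })
    return findings

if __name__ == "__main__":
    for f in correlate_forwards(SENT_FOLDER, DELETED_FOLDER, "employee.a@corp.example"):
        print(f)
```

A row with both flags set is a lead to confirm against interviews and access logs, not proof on its own.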
Findings and Conclusions
We concluded that Employee A, illegally and without permission, accessed the in-house recruiter’s email early in the morning before the recruiter reported to work. The email was forwarded to Employee A’s inbox so he could use it in his EEOC filing.
We presented our findings, substantiated with printed evidence from the different email folders. It was used as evidence in the EEOC filing.
Although 18 U.S. Code § 1030 – Fraud and related activity in connection with computers specifically stipulates “protected computers”, this reason was provided in the response to the letter that threatened litigation and the EEOC claim.
The threats were dropped.
Since then, the company has put better security measures in place and now enforces a timeout for password-protected screen savers on every computer.