MSP, Employee Face Computer Fraud Lawsuit
Federal prosecutors last week went after Michael Leeper, a former director of technical infrastructure for Columbia Sportswear, claiming in a criminal lawsuit that he’s guilty of computer fraud by allegedly logging into his former company’s network illegally for two years after exiting.
The backstory: In March, Columbia sued Leeper, charging that immediately before leaving the clothing manufacturer in 2014 for a CTO slot at Denali Advanced Integration, a Seattle-based MSP, he created a fake account on its network that gained him wide access to confidential information and private emails. A curious twist to the story is that Denali provides IT services to Columbia, which is headquartered in Portland, Oregon.
That civil lawsuit named both Denali and Leeper, who previously worked at Columbia for 14 years, as defendants. In the complaint, Columbia called Leeper’s actions a “flagrant invasion” of employees’ privacy. He’s defending himself by claiming that not only did Columbia knew he retained access to their network, he didn’t harm the company. Columbia said it terminated Leeper’s account privileges when he left.
Federal prosecutors have now signaled they believe the conflict is far more serious than simply a brazen break-in, Oregon Live reported.
The triangle: The case is unique in that it triangulates a customer (Columbia), a former employee (Leeper) and an MSP (Denali), Leeper’s subsequent employer. Inasmuch as Denali is a co-defendant in the civil suit, the implication is that the MSP allegedly benefitted from confidential material Leeper ostensibly passed to them.
So far Denali isn’t saying much. When the civil lawsuit was first filed, Majdi Daher, Denali’s CEO, told the Seattle Times, that the “claims astonish us, and they in no way reflect Denali or its values.”
More backstory (via the Seattle Times):
- The dummy account Leeper allegedly created, using the false name Jeff Manning, or jmanning, accessed Columbia’s network some 700 times, according to the civil complaint.
- Columbia apparently found the hack when it upgraded its network email system. It subsequently contacted the FBI to help locate the source of the breach.
- The false account tapped into emails from two Columbia product procurement employees for technology similar to what Denali sells and also accessed messages about upgrade budgets.
- Denali and Leeper haven’t disclosed what confidential information the MSP may still have in its possession.
We’ll update you when we know more. Stay tuned.