
18,000 Files Stolen: Intel Faces Insider Threat Challenge

The Intel case underscores the ongoing risk of insider threats and the need for stronger data protection measures.

Written By
Ken Underhill
Nov 10, 2025

Intel Corporation has filed a lawsuit against a former employee accused of stealing tens of thousands of confidential documents before leaving the company. 

The case underscores the persistent risks of insider threats, especially during large-scale workforce reductions like those of the last several years, when security controls and oversight can be stretched thin.

A Breach from Within

According to Intel’s complaint, former software engineer Jinfeng Luo allegedly downloaded approximately 18,000 sensitive files from company systems in late July 2024, just days before his termination took effect. 

Luo, who had worked at Intel since 2014 and lived in Seattle, was among thousands of employees affected by a major company-wide layoff announced that summer.

Court filings state that Intel notified Luo of his pending termination on July 7, with his employment officially ending on July 31. 

On July 23, Luo allegedly attempted to transfer files from his work laptop to an external hard drive, but Intel’s internal data loss prevention (DLP) systems blocked the action. 

However, five days later, on July 28, Luo reportedly connected a different storage device and successfully exfiltrated the documents.

Intel’s investigation determined that many of the files were marked “Top Secret”, suggesting that the data may have contained proprietary source code, product roadmaps, or trade secrets. 

The unauthorized transfer triggered Intel’s internal incident response (IR) protocols, which led to a forensic review and subsequent attempts to contact Luo.

Despite multiple efforts to reach him at known addresses, the company received no response. 

As a result, Intel escalated the matter by filing a civil lawsuit seeking at least $250,000 in damages, recovery of legal fees, and an injunction to prevent Luo from disclosing or distributing any of the materials.

Intel declined to provide further comment on the ongoing litigation, while Luo could not be located for a response.  

The Offboarding Security Gap

This case highlights a recurring challenge across the technology sector: protecting sensitive data during employee offboarding. 

Insider threats — whether motivated by revenge, financial gain, or carelessness — remain one of the hardest risks for organizations to detect and mitigate.

During layoffs or workforce reductions, employees often retain system access during their notice periods. 

This creates a window of vulnerability that, if not carefully managed, can lead to significant data theft or sabotage. 

The Intel case is a reminder that even with robust security tools and IR plans, an insider may still succeed in taking data.

Defending from Within

To protect against insider threats, organizations must adopt a proactive and layered security strategy that combines technology, process, and culture.

  • Enforce least privilege access: Limit employee access to only necessary data and systems, and immediately restrict permissions when a termination notice is issued.
  • Enhance monitoring and detection: Use user and entity behavior analytics (UEBA) and data loss prevention (DLP) tools to identify unusual file transfers or device activity.
  • Secure the offboarding process: Revoke credentials promptly, collect company equipment, and coordinate between HR, IT, and security teams during employee exits.
  • Promote trust and awareness: Foster transparency during organizational changes and provide regular training on data security and ethical conduct.
  • Conduct regular audits and simulations: Test insider threat controls through periodic reviews and mock exfiltration exercises to identify and close security gaps.
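
The sequence described earlier, a blocked copy followed days later by a successful copy to a different device during the notice period, is something monitoring can correlate. The Python below is an added example, not code from Intel or from this article; the event fields, user IDs, device serials, and the bulk threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data, loosely modeled on the timeline above (not real logs).
# user -> (date notified of termination, last day of employment)
NOTICE = {"u1001": (date(2024, 7, 7), date(2024, 7, 31))}
# (day, user, removable device serial, DLP action, files in the transfer)
EVENTS = [
    (date(2024, 7, 2),  "u1001", "USB-AAA", "copy_allowed", 3),
    (date(2024, 7, 23), "u1001", "USB-BBB", "copy_blocked", 400),
    (date(2024, 7, 28), "u1001", "USB-CCC", "copy_allowed", 18000),
    (date(2024, 7, 28), "u2002", "USB-DDD", "copy_allowed", 12),
]

def flag_offboarding_exfil(events, notice, bulk_threshold=500):
    """Alert on allowed removable-media copies made inside a user's notice
    period when they are (a) bulk transfers or (b) sent to a device other
    than one DLP blocked earlier in the same window (retry on new media)."""
    alerts, blocked = [], {}  # blocked: user -> serials DLP has blocked
    for day, user, dev, action, count in sorted(events, key=lambda e: e[0]):
        window = notice.get(user)
        if not window or not (window[0] <= day <= window[1]):
            continue  # only users currently in a notice period are in scope
        if action == "copy_blocked":
            blocked.setdefault(user, set()).add(dev)
            continue
        reasons = []
        if count >= bulk_threshold:
            reasons.append("bulk_copy_in_notice_period")
        prior = blocked.get(user, set())
        if prior and dev not in prior:
            reasons.append("new_device_after_dlp_block")
        if reasons:
            alerts.append({"user": user, "day": day, "device": dev,
                           "files": count, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in flag_offboarding_exfil(EVENTS, NOTICE):
        print(alert)
```
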

Together, these measures create a strong, multi-layered defense that not only helps protect against successful insider data theft but also enhances an organization’s overall cyber resiliency against emerging internal and external threats.

Intel’s lawsuit against its former employee serves as a cautionary tale about the dangers of insider threats, especially during periods of organizational transition. 

As businesses continue to navigate economic shifts and workforce reductions, maintaining vigilance over data access and employee activity remains paramount.

Embracing zero-trust principles provides a framework for organizations to strengthen data protection by verifying every user, device, and action within the network.
