Incident Of The Week: Investigation Of Walmart Email Breach
FBI has accused Compucom employees of sifting through the retailer's internal email
Add bookmarkThe FBI is investigating allegations that employees from one of Walmart’s technology suppliers was illegally monitoring the retailer’s e-mail communication.
The New York Times reports that in late 2015 through early 2016, Compucom employees assigned to Walmart’s help desk were using their access to monitor specific e-mail accounts at the retailer and allegedly using that information to get an edge over competitors.
See Related: "Top 5 Cyber Security Breaches of 2019 So Far"
With more than 140,000 members, Cyber Security Hub is the vibrant community connecting cyber security professionals around the world.
The scheme was discovered after a Compucom technician took a photo of an email about an internal Walmart disciplinary matter and sent it to a Walmart employee he had been chatting with on an instant messaging system, according to the F.B.I. filing.
The photo was then forwarded accidentally to the daughter of a second Walmart employee who reported it to the company’s security department. Walmart filed a complaint with the F.B.I. about the suspected breach in September 2016.
According to a court filing, Compucom employees searched internal Walmart e-mail correspondence for information that could give the firm an edge over competitors. The suit alleges that the information helped the solutions provider submit a winning bid on at least one occasion.
Taking Action
Walmart told the NYT it terminated its contract with Compucom and instituted “new tools to improve our monitoring process” of it technology suppliers.
See Related: "Inside The Life Of Former FBI Agent’s International Cyber Security Stings"
The case exposes a potential vulnerability for companies that rely on contractors for technical work, giving outsiders broad access to sensitive internal documents with little oversight in the process. It also raises questions about how technicians hired to support the computer system of one of the world’s largest and most insular corporations were able to gather information from employee emails.
“Companies with an extensive communications network like ours require the support of different partners and a high level of trust,” Walmart spokesman, Randy Hargrove, told the NYT. “We relied on this vendor but their personnel abused their access and we want those responsible to be held accountable.”
A Walmart spokesman said the company terminated its contract with Compucom and has put in place “new tools to improve our monitoring process” of IT contractors in light of the incident. Walmart said its own investigation into the matter showed no customer information was compromised.
Compucom told the NYT they are cooperating with the investigation and currently cannot comment on the allegations.
See Other Related: "Incident Of The Week" Articles