Oracle Sues SAP for Information Theft

Yesterday Oracle announced that are suing SAP for violations of several Federal Acts. The Complaint makes interesting reading. Oracle claim that SAP committed “corporate theft on a grand scale”, illegally accessing and downloading thousands of proprietary, copyrighted software products and confidential materials. They claim that SAP employees used the log-in credentials of Oracle customers with expired or soon-to-expire support rights, in order to gain access to their password-protected customer support website.

The claim highlights a number of interesting points. Firstly, the ease with which password credentials can be stolen or passed on to third parties. It makes you wonder just how much information theft might be going on. Secondly, that it’s relatively easy to identify potential sources of data leakage by looking out for unusual activity, such as large numbers of downloads in a short space of time. And thirdly, that it’s likely that anyone engaging in illegal activity in a highly competitive marketplace will be found out at some stage. Because there will be intense scrutiny by competitors.

Regardless of the outcome of this case there is an action for us all. As I’ve said before, we should always close ranks against companies or employees that think it’s acceptable to employ illegal methods. Top companies should aim for the high ground, not sink to dirty tricks.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

There's a fourth point, which is that you should revoke access rights from systems when the relationship ends. If the accounts were for customers whose support rights had expired, why were they still able to log on? It would also be interesting to know how the imposters gained access to the credentials - whether they were provided by Oracle customers moving to SAP for example.