Intel Insider Incident Exposes Security Gaps
12.11.2025

In this weekly digest, we have news about an insider incident. A laid-off Intel engineer allegedly stole 18,000 confidential files by bypassing the company’s data protection tools. The breach exposes critical flaws in insider threat detection and highlights why DLP is essential for corporate information security.

Intel has faced some tough times recently, as the company has been undergoing a major “staff optimization” effort. In simpler terms, it has cut about 35,000 jobs over the past few years. One of these layoffs had major consequences for the company: one of the fired employees decided to secure their own future and gave themselves a golden parachute by downloading 18,000 proprietary files.

The story started on the 7th of July, 2024, when Jinfeng Luo received a notice of termination. The reasons behind this decision aren’t publicly available. Yet, we know that he had to leave by the end of the month.

The following details are known from the lawsuit: Jinfeng first tried to download corporate files from his laptop on July 23. Intel claims that security controls detected these attempts and blocked them. However, a few days later, on July 28, the employee tried again to download confidential files. This time he used a NAS instead of an external hard drive and succeeded.

Jinfeng copied around 18,000 files from internal systems, including documents labeled as “Top Secret.” Interestingly, that wasn’t just a plain stamp but a classification marking. Intel claims that data transfers triggered security alarms. However, Jinfeng was able to transfer files over the course of several days.

The company tried to reach Luo for several months to clarify the incident. However, it was unable to contact him by phone, email, or postal mail. In the end, Intel filed a lawsuit seeking a court injunction to prohibit disclosure of confidential information and $250,000 in damages.

This is not the first time Intel has faced a security incident. In February 2025, former engineer Varun Gupta was sentenced to two years of probation and a fine of $34,000 for stealing proprietary information. In May 2025, Intel filed a lawsuit against another former employee for allegedly committing $1 million in fraud.

In Luo's case, Intel claimed that its systems did flag his attempts to download large amounts of confidential files. However, he was able to bypass security measures by switching from the external hard drive to a NAS. It's worth emphasizing that the security team did not apply any additional restrictions to the individual after preventing the first attempt to download files.

It’s unclear exactly what went wrong, but two possibilities stand out: either the security alert was lost amid other notifications, suggesting poor policy configuration or alert fatigue, or Intel’s tools simply lacked the capability to fully prevent unauthorized data exfiltration.
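As an added illustration (not Intel's or SearchInform's code), the sketch below shows one way a policy could keep the second alert from getting lost: it escalates a transfer when the same user was recently blocked on a different channel, and raises severity further for bulk transfers and for users in their notice period. The event fields, thresholds and severity scale are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample DLP events; field names and values are assumptions.
EVENTS = [
    {"ts": "2024-07-23T10:02", "user": "user_a", "dest": "usb_disk", "files": 40, "action": "blocked"},
    {"ts": "2024-07-24T09:15", "user": "user_b", "dest": "cloud", "files": 3, "action": "allowed"},
    {"ts": "2024-07-25T14:30", "user": "user_c", "dest": "nas", "files": 1500, "action": "allowed"},
    {"ts": "2024-07-28T21:40", "user": "user_a", "dest": "nas", "files": 6000, "action": "allowed"},
]
DEPARTING = {"user_a"}  # constructed HR feed: users who have received notice
SEVERITY = {1: "low", 2: "medium", 3: "high", 4: "critical"}

def triage(events, departing, window_days=14, bulk=1000):
    """Score each event using the user's recent history, not the event alone."""
    last_block = {}  # user -> (time, destination) of the most recent blocked attempt
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, score, reasons = ev["user"], 0, []
        if ev["action"] == "blocked":
            last_block[user] = (ts, ev["dest"])
            score, reasons = 1, ["blocked transfer"]
        else:
            prior = last_block.get(user)
            # An allowed transfer to a different channel soon after a block
            # is treated as a likely attempt to work around the control.
            if prior and ts - prior[0] <= timedelta(days=window_days) and ev["dest"] != prior[1]:
                score += 2
                reasons.append(f"channel switch {prior[1]}->{ev['dest']} after block")
            if ev["files"] >= bulk:
                score += 1
                reasons.append("bulk transfer")
        # Context from HR raises the priority of anything already suspicious.
        if score and user in departing:
            score += 1
            reasons.append("user in notice period")
        if score:
            alerts.append({"ts": ev["ts"], "user": user,
                           "severity": SEVERITY[min(score, 4)], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS, DEPARTING):
        print(alert["ts"], alert["user"], alert["severity"], "; ".join(alert["reasons"]))
```

A rule of this kind turns the later NAS transfer into a single high-priority alert instead of one more routine notification, and the first blocked attempt by a departing user is the natural trigger for tightening that user's access.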

This incident raises an important question: how can we effectively protect our data? To reliably protect sensitive data, you need to build a comprehensive security framework, and an effective DLP system is the core component of a robust security posture.


What are the three key pillars of an effective Data Loss Prevention (DLP) system?

Firstly, it’s the technical capability to monitor data transmission channels. A system that can’t inspect data transfers will not be able to detect security incidents until it is already too late.

Secondly, the system must have flexible security policies. In this way, a security team will be able to fine-tune the DLP system to the needs of a particular organization and avoid alert fatigue.

And last, but not least, are advanced analytical tools. With their help, an effective DLP solution monitors which data is accessed and how it is used across a company.

Risk Monitor, the next-gen DLP solution by SearchInform, brings all of these pillars together and more. It is an all-in-one platform that combines data classification, data leak prevention, and proactive protection with watermarks in a single tool. It is swift to deploy, easy to configure, and smooth to operate. In short, Risk Monitor delivers robust and effective protection.

