Today we are going to review a recent case of NetApp. The company accused a direct competitor executive of stealing trade secrets.

On the 6th of November, NetApp filed a lawsuit against Jón Stefánsson, former senior vice president and CTO. The company says that the ex-employee stole intellectual property and leveraged it to obtain a high-ranked position at a competing company, VAST Data.

It is known that the court issued a temporary restraining order, prohibiting Stefansson from being engaged in any activities that are related to services, products, and technologies that he was working on during his employment at NetApp.

But who is Jon Stefansson, and what scale of theft can we expect?

To answer these questions, let’s look at his career. He joined NetApp almost 10 years ago and became one of the most important employees in the company, as he was senior vice president and chief technology officer. He was in charge of cloud strategy, development of cloud storage products, and relationships with partners like Amazon, Google, and Microsoft. Thus, it's safe to say that he had access to a vast trove of sensitive data.

What is known?

The NetApp lawsuit includes several details, claiming that in spring 2025 Jon Stefansson was already planning to leave the company, as he was actively recruiting some of his colleagues to join a start-up firm under his management. It’s also known that Stefansson, together with other NetApp executives, was coding and designing software for their start-up during their employment at NetApp, which is a serious violation of the PIIA (Proprietary Information, Inventions, and Non-Solicitation Agreement). To prove their claims, the company pinpoints activity on a GitHub account named “Red Stapler.”

The role of Red Stapler

The facts are simple. Stefansson had left NetApp on June 27. A start-up named “Red Stapler” was registered on July 3 with Stefansson as the top executive. The Red Stapler team included 6 ex-NetApp employees, besides Stefansson. Ten weeks later, on September 9, VAST Data bought the Red Stapler company. VAST Data’s press release mentions that Red Stapler’s “cloud control panel and service delivery platform” is an important part of the deal.

NetApp claims that it is impossible to develop such a complicated solution in such short terms. The company notes that it spent millions of dollars over several years building its own Service Delivery Engine.

Mysterious disappearance

Before filing the lawsuit, NetApp attempted to contact Stefansson directly. According to the company, representatives were unable to reach him. It is known that shortly after receiving NetApp’s first cease-and-desist letter, Stefansson put his house up for sale and relocated to Iceland.

This incident highlights that insider cases have a complicated nature, as they combine the information security aspect with law processes. To safeguard against theft of intellectual property or other types of sensitive data, companies should implement specialized protective software, like our Next-Gen DLP system, Risk Monitor.

Firstly, the DLP system monitors all data transfer channels, preventing unauthorized transmission of confidential files. It safeguards against data leaks via emails, cloud services, USB devices, attached storages, and other transfer methods. In NetApp case, such capabilities would prevent theft of technological blueprints.

Secondly, Risk Monitor can be used to conduct internal investigations and form a list of evidence for legal actions. It logs all user operations with files and provides insights about user data modifications.

Third, it would monitor communications between Stefansson and other employees and notify the security team if any exchanges appear suspicious. The system provides security specialists with effective analytical tools, ensuring that the security team won’t be burdened under the wave of false positive triggers.