Summer may be over, but August delivered a series of striking – and eye-opening –security incidents. In this edition: insiders undermine a TikTok rival, TSMC takes ex-employees to court, and the FBI catches a bribery attempt in action.
What happened: Two major cases of corporate espionage came to light.
How it happened: On August 6, 2025, TSMC, the world’s largest semiconductor manufacturer, spotted suspicious patterns of file access and began an investigation. The findings showed that several employees had attempted to steal confidential information about the company’s breakthrough 2-nanometer chip technology. Those involved were dismissed, and legal proceedings were initiated.
Another case became known just a few days earlier, on August 4, when media reported that no fewer than fourteen former Huawei employees had been sentenced to prison for stealing confidential data on chips.
Court documents describe how one of the corporate spies left Huawei in 2019 and founded a new company – Zunpai Communication Technology. He then recruited several former colleagues, and together they developed their own chips.
Huawei claimed the new designs were based on its trade secrets and therefore filed a lawsuit asking the court to freeze Zunpai’s assets. The outcome of that request is unknown, as there are no open records available. However, given that the ex-employees received prison sentences, it is highly likely the court ruled in Huawei’s favor.
What happened: A U.S. government security officer tried to bribe a colleague in order to secure a contract for his private company.
How it unfolded: In summer 2025, prosecutors filed charges against Edward Doherty, a security specialist at the U.S. Department of Energy. He was accused of attempting to bribe a colleague to win a government contract for his own business.
According to the official press release, Doherty had joined a deferred separation program in February 2025 – a scheme that allows employees to resign voluntarily while remaining on paid leave for a certain period. But instead of enjoying a well-deserved rest, the security officer decided to “pave the way” for his private venture, a company he had set up in case he left government service.
Just before his final departure, he attempted to bribe a colleague responsible for contractor selection. The colleague turned out to be honest and reported the incident to law enforcement. That triggered a sting operation: Doherty had to be caught red-handed. And that is exactly what happened in July 2025, when he delivered his first bribe. For this offense, he now faces a minimum of 15 years in prison – a far cry from the honorable retirement he might have envisioned.
What happened: The CEO of an outsourcing company stole almost $2.5 million that should have gone to elderly Americans.
How it happened: James Campbell, 47, founded Axim Fringe Solutions Group (Axim) to help U.S. organizations manage employee benefits efficiently and lawfully.
In practice, Axim handled pension, insurance, and other contributions and payments to employees of its clients. The process worked as follows: Axim received funds from clients, transferred them to the appropriate accounts, and charged a commission of $40 per employee per month.
Recently, Campbell was accused of making 135 unauthorized withdrawals, diverting almost $2.5 million intended for current and former employees. Court documents state that Campbell laundered and spent the money on personal indulgences: jewelry, gambling, hunting trips in Alaska, and more.
If found guilty, the entrepreneurial outsourcer faces up to 15 years in prison.
What happened: An employee devised a fraudulent scheme through which he stole $20 million from his employer.
How it happened: The prosecutor’s office of Beijing’s Haidian District published a white paper describing an unusual insider incident.
At the center of the story is Feng, a senior manager at Kuaishou, the Chinese short-video platform and rival to TikTok. He was responsible for working with contractors: deciding which partners were suitable, onboarding them to the platform, and managing bonus payments.
Contractors included not only content creators but also businesses using the platform as a marketing tool.
During Kuaishou’s rapid growth, when workloads were overwhelming, Feng quietly altered the bonus distribution policy. He then conspired with two suppliers - Tan and Yan. Using loopholes in the system and insider knowledge, they arranged fraudulent payouts for work that was never actually performed.
This went on for a year until Kuaishou’s security team flagged the unusually large and frequent transactions. A joint investigation with prosecutors revealed that Feng had funneled about 140 million yuan (~$20 million) to shell companies. The funds were then routed to overseas trading platforms and converted into cryptocurrency. To conceal the trail, the fraudsters used crypto mixers but that did not help.
Ultimately, Feng and his accomplices were exposed and sentenced to prison terms ranging from three to fourteen years, along with heavy fines.
What happened: An employee spent $140,000 of company funds on Pokémon cards and games.
How it unfolded: In September 2021, Michael Gross, 34, began using a corporate credit card to purchase Pokémon trading cards, video games, and digital gift cards. To avoid suspicion, he falsified expense reports and receipts for accounting.
This went on until October 2022, when his apparent enthusiasm for Pokémon seems to have waned. Gross might have remained undiscovered, but by chance, the FBI came across suspicious charges during a different investigation at the company.
It turned out that over the course of a year, Gross had misappropriated just over $140,000. In August 2025, he was sentenced to four months in prison.
Notably, this is not the first case where a passion for Pokémon pushed employees to break the law. For instance, in January 2025, a similar case emerged in Singapore. Lindberg Yeo Yu Wei, an accountant at a biomedical company, abused his role in processing payments by altering recipient details to his own accounts.
By November 2023, his colleagues discovered the irregularities, demanded repayment, and filed a lawsuit. Investigations showed that Yeo had stolen more than $500,000, which he spent on Pokémon cards, Rolex watches, gambling, and more. On January 22, 2025, he was sentenced to 19 months in prison.
What happened: A university payroll manager stole over €2.3 million from her employer.
How it unfolded: On August 14, 2025, Francine Farrugia, payroll manager at the Malta College of Arts, Science and Technology (MCAST), appeared in court accused of embezzling more than €2.3 million.
The MCAST payroll system allows salaries to be split between two accounts. Farrugia exploited this feature to create “extra salaries” that she funneled into her own account. After each transaction, she deleted the records so colleagues would not notice.
This scheme continued for two years, during which she accumulated over €2 million. Police determined that Farrugia spent the money on luxury clothing, designer handbags, expensive jewelry, and real estate.
On August 21, 2025, she was released on bail of €50,000 but was required to report daily to a police station. It is unlikely the case will end there, especially since in addition to her payroll role, Farrugia was also a politician and local councilor in the town of Siggiewi.
What happened: A researcher uncovered multiple vulnerabilities in McDonald’s systems but was met with indifference from the company.
How it unfolded: On August 17, 2025, ethical hacker bobdahacker shared details on his website about vulnerabilities in McDonald’s services, along with his frustrating experience trying to report them.
The story began when he found a flaw in the mobile app’s loyalty system: it failed to verify bonus points with the server, allowing users to inflate balances and order free food. When he contacted a company engineer, the response was dismissive – the engineer was “too busy.” Days later, the vulnerability was quietly fixed.
Encouraged, the researcher examined other public-facing McDonald’s platforms. He discovered that the McDonald’s Feel-Good Design Center, a global marketing portal, was protected only by client-side passwords. It took the company three months to implement proper account systems.
He also found that simply replacing “login” with “register” in the portal’s URL allowed creation of internal accounts, with plaintext passwords sent via email.
Further investigation revealed hardcoded keys in the site’s JavaScript, including an API key for Magicbell, which could be abused to harvest user lists and send phishing emails from McDonald’s infrastructure.
Among several other flaws, one even allowed defacement of a McDonald’s site – with none other than Shrek appearing on its pages.
Reporting these issues was a challenge in itself. The McDonald’s site lacked a security.txt file, a standard way for researchers to report vulnerabilities. As a result, bobdahacker resorted to cold-calling the company’s headquarters, citing random names of security employees he had found on LinkedIn, until eventually someone senior enough gave him a real contact address.
Most of this month’s cases stem from insiders misusing access and trust. To prevent similar scenarios, companies should implement continuous monitoring of sensitive data and financial transactions. Tools like DLP or DCAP can help flag unusual access patterns or unexpected transfers before they grow into million-dollar losses.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!