Online retailers Showpo and Black Swallow have settled their data breach dispute, after Showpo alleged one of its former graphic designers downloaded the company’s entire customer database and passed it on to her new employers at Black Swallow.
Sydney-based Black Swallow has been ordered to pay $60,000 to Showpo in instalments over the next several months and both parties are to pay their own legal costs. Following these payments, the case is to be dismissed.
Graphic designer Melissa Aroutunian, 24, has been permanently restrained from using or disclosing the client contact list and has been ordered to cover her legal costs.
Showpo, which is on track to book $25 million in revenue for 2016 and was founded in 2010 by entrepreneur Jane Lu, is an online retailing business selling fast and affordable fashion.
Black Swallow, which launched 18 months ago, is a smaller, but similar e-commerce business.
Before last week’s settlement, Ms Aroutunian was accused of exporting Showpo’s 306,000-strong customer database before she resigned from the company last year. Showpo alleged Ms Aroutunian passed it on to Black Swallow, which began sending promotional emails to the contacts.
The database included contact information of customers, contacts, buyers, suppliers, associates, competition entrants, web users and subscribers.
There was no credit card or financial information contained on the list.
Showpo had also accused Black Swallow of marketing itself as an affiliate of the company by using similar branding, but the court has not ordered Black Swallow to amend its logos or its website.
Previously, Black Swallow chief executive Alex Baro denied he offered Ms Aroutunian payment in return for copying the client list.
Both Showpo and Black Swallow declined to comment on the court orders. The insider threat
According to Deloitte, some 14 per cent of data breaches are perpetrated by disgruntled ex-employees.
Commenting on matters unrelated to Showpo’s allegations, Steve Durbin, managing director of the Information Security Forum, said: “Between human error and malicious insiders, time has shown us the majority of data breaches originate inside company walls.
“Employees and negligence are the leading causes of security incidents but remain the least reported issue.”
Carnegie Mellon University has found that 70 per cent of insiders who stole intellectual property from an employer did so within 60 days of their termination from an organisation.
Mr Durbin recommends companies regularly re-evaluate who has privileged access to company data and include security and trust in supervision, performance management and appraisals.
“It is useful to consider, at each stage of the employment life cycle, what trust the organisation is placing in people, and what can be done to reduce risk and improve trustworthiness,” he said.