Confidential data of New York company breached in Mumbai
As per the FIR, five employees of the BPO were provided four email IDs and passwords of the NY-based firm so that they could use them to communicate with clients on behalf of the company.
Confidential data entrusted to a Bhayandar-based Business Process Outsourcing (BPO) company by a New York-based company was compromised recently. This has led to a police investigation, and the corporate espionage angle is also being probed. The BPO company registered an FIR stating that email addresses of the New York-based debt recovery company, which were used to communicate with clients, were illegally accessed from outside the BPO. One of the email IDs was allegedly accessed by a rival company in Thane. According to the FIR filed by SJ Amin, senior manager in the Human Resources department of Bhayandar-based Epicenter Technology Pvt Ltd, the company entered into an agreement with the New York-based company in April 2018 for business outsourcing. “As per the agreement, Epicenter’s BPO Operation section would deal with the clients of the New York based company on their behalf. For this purpose, the New York based company had given their data to Epicenter with a condition of keeping the data confidential,” said an officer from Bhayandar police station.
As per the FIR, five employees of the BPO were provided four email IDs and passwords of the NY-based firm so that they could use them to communicate with clients on behalf of the company. This information was shared with them confidentially.
“As per the agreement, confidential data, client list, client material and files cannot be accessed or used from outside the BPO so that the said information does not get stolen or misused. One of the BPO employees, who had access to the four email IDs and passwords, was also given a laptop by the BPO, which contained a list of clients, their email IDs and other confidential information of the New York based company. The said employee had left the BPO later, but had not returned the laptop to the BPO. Later, two other employees had also left the BPO,” said the officer.
In April, the BPO officials learnt that the four email IDs were accessed from some other computers and their passwords were also changed. “One of the email IDs was being used from another company in Wagle Estate in Thane. The BPO officials then informed the police and registered a complaint,” the officer said.
Sub-Division Police Officer (SDPO) (Mira-Bhayander) Atul Kulkarni said that it could be a case of corporate espionage by a competitor. “Epicenter Technology has lodged a complaint on June 13 and the confidential data is suspected to have been given to competitors. We are probing the role of some of the employees of the BPO who had access to the email IDs. We are recording statements of the employees who had left the BPO and are also probing if there was any hacking of email IDs etc. A case has been registered under sections 43A (Compensation for failure to protect data), 66C (identity theft), 66D (cheating by personation by using computer resource) and 72A (disclosure of information in breach of lawful contract) of Information Technology Act against unknown persons,” said Kulkarni.