BlueScope Steel stung by alleged corporate espionage

BlueScope Steel stung by alleged corporate espionage

TSCMCyber Security

BlueScope is trying desperately to retrieve ‘highly sensitive and commercially valuable’ information allegedly stolen by a disgruntled former employee.

On the day long-serving BlueScope software development manager Chinnari Sridevi “Sri” Somanchi was to be made redundant in June 2015, she was suddenly busy on the phone.

For the next two hours her redundancy meeting was delayed while Ms Somanchi was locked on the lengthy call, as her manager circled her desk trying to get her attention.

What the company did not know at the time, and now alleges, was Ms Somanchi was spending those precious hours downloading a cache of company secrets so financially important to BlueScope it has launched emergency legal action in the Federal Court of Australia and Singapore, where she is now based, to stop the information falling into the hands of its competitors.

The case of alleged international espionage has left the company reeling.

Ms Somanchi has been accused this week of downloading a trove of company documents – about 40 gigabytes – over a four-year period, including the codes she allegedly downloaded just before her redundancy meeting.

BlueScope is now trying desperately to retrieve “highly sensitive and commercially valuable” information allegedly stolen by Ms Somanchi, who it describes as a disgruntled former employee.

Ms Somanchi is also expected to be sacked this week from a BlueScope joint venture with a Japanese steel giant in Singapore, court documents show.

Chinnari Sridevi ‘Sri’ Somanchi has been accused this week of downloading a trove of company documents.

Left company reeling

The case of alleged international espionage has left the company reeling and urgently seeking a judge’s help to find and destroy trade secrets before they fall into the hands of competitors.

Losing its customised software to a rival firm would so badly damage BlueScope that it was not seeking penalties because “it is difficult to see how damages could adequately compensate BlueScope for the loss”, a senior manager’s affidavit said. The business unit at risk generates $US45 million in turnover each year.

A company spokesman confirmed it had an “IP-related matter before the courts in both Australia and Singapore” and had received an injunction this week.

It is alleged that in late September Ms Somanchi used the illegally obtained information to land a plum job as innovation manager at the 50-50 joint venture between Japanese steel giant Nippon Steel & Sumitomo Metal Corporation and BlueScope in Singapore, known as NS BlueScope.

At the centre of the trouble is BlueScope’s Lysaght business, the seller of its famous Colorbond and Ranbuild products.

Ms Somanchi is also accused of accessing BlueScope’s computer system during a visit to her former colleagues in late October, after she had already signed a contract with her new employer.

Ms Somanchi’s lawyer in Singapore, Ng Lip Chih, said: “In view of the fact that the legal proceedings are ongoing, we are not in the position to provide any comments on the matter.”

Companies don’t share IP

Court documents show that while NS BlueScope is seen as “part of the BlueScope family”, the two companies do not share intellectual property and NS BlueScope currently uses BlueScope’s software under licence. It is alleged this particular software is among the cyber loot Ms Somanchi has taken to her new position.

This case reached a climax during the Christmas and New Year Eve break, when lawyers for BlueScope sought an urgent injunction from the Federal Court to stop Ms Somanchi passing information on to anyone else and ordering her to hand over computer equipment and storage devices to KordaMentha’s Sydney office for forensic examination.

BlueScope was granted an order by Justice Mordecai Bromberg in his chambers on January 4.

It has also made an application to the High Court of Singapore seeking the same orders be applied concurrently and has engaged lawyers to serve Ms Somanchi at BlueScope’s Lysaght offices in Singapore’s industrial Jurong district.

BlueScope’s lawyers argued there was “a real possibility” Ms Somanchi, an experienced IT professional who had worked at BlueScope for more than 12 years, would try to destroy evidence of her alleged espionage without a court order and confirmed 148 files related to BlueScope had already been transferred on to her computers in Singapore.

Shortly after the 45-year-old Australian citizen and recent resident of the northern Sydney suburb of Epping had taken up the position at NS BlueScope, the Australian steel maker launched an investigation into allegations of misconduct by its long-serving employee.

Executives tipped off

Executives were tipped off to her alleged improper use of company information after Ms Somanchi returned to BlueScope’s Minchinbury offices in Sydney in late October to tell colleagues she had landed a job at NS BlueScope in Singapore.

When BlueScope national product and technical solutions sales manager Scott Perks found out about the visit he called software developer Lubna Malik – a trusted employee who is not accused of any wrongdoing and a former subordinate to Ms Somanchi – into a meeting to discuss Ms Somanchi’s visit and to reiterate the company’s policies on information protection.

“Ms Malik said words to the effect: ‘But Sri already has the source codes’,” Mr Perks said in his affidavit filed with the Federal Court.

“I asked her how that was possible and Ms Malik replied in words to the effect: ‘She took a full back-up of her computer’. At that point I ended the meeting,” Mr Perks said.

Mr Perks’ affidavit said Ms Malik said Ms Somanchi had used her computer for two hours despite Ms Malik feeling uncomfortable about her former boss’ request.

“I can think of no legitimate reason why Ms Somanchi would have the Somachi USB with these BlueScope files in her possession other than to leverage off BlueScope intellectual property and confidential information for her own professional advantage,” Mr Perks wrote in his affidavit.

Know value of information

General Manager of BlueScope’s building components Mark Crimmins noted in his affidavit that “Sri Somanchi would be the one person who would know exactly how valuable that confidential information was to BlueScope”.

The allegedly stolen data includes internal emails, 13 software packages, and source code for eight software programs – including Ranbuild’s customised shed product.

“There is also the question as to what damage Sri Somanchi’s conduct may have on BlueScope’s future licensing opportunities, if it becomes widely known that this technology is in the hands of a dissatisfied former employee who is now essentially an independent contractor,” Mr Crimmins’ affidavit said.

He added that BlueScope did not know yet how much information Ms Somanchi had allegedly stolen or where it was stored. And while BlueScope was likely to launch proceedings in Australia alleging breach of employment contract, it was not seeking damages because “. . . payment of damages will not make BlueScope’s confidential information confidential again once it has been disclosed to one or more competitors”.

Ms Somanchi was expected to be sacked by NS BlueScope this week and given a one-way ticket to Australia.

She had signed a two-year contract with the company starting October 15, 2015, on a base salary of $S170,000 ($A167,031), plus a maximum short-term bonus of 20 per cent of her base salary. Ms Somanchi’s contract also provided a further $S57,000 in living and housing stipends.

Ms Somanchi has been contacted for comment.