A document leak occurs when confidential information, often involving sensitive or private data, is made public without a company’s consent. Such leaks occur via a variety of channels, including email, social media, instant messaging applications and shared drives. They may be deliberate or accidental. For example, employees may forget to secure files before uploading them to cloud platforms or share them with unauthorized recipients on platforms like Dropbox and Google Drive. They may also lose USB drives or print documents from unsecured corporate printers, or simply be careless about how they share files on the internet or over messaging apps.
The most significant examples of this type of leak include the US diplomatic cables leak of 2010 in which Wikileaks published thousands of classified documents handed over by the army private Chelsea Manning, and the 2013 NSA leaks by former US National Security Agency contractor Edward Snowden, who revealed secret details of the UK’s Tempora and America’s PRISM clandestine espionage programmes to the Guardian and Washington Post. The leaking of these documents resulted in Mr Snowden being charged with espionage and he is now living in exile. Other well-known whistleblowers have included Daniel Ellsberg who exposed information commissioned by the RAND Corporation about the Vietnam War and Mordechai Vanunu who leaked Israeli nuclear technology to the British press in 1986.
In cases of document leak, our investigators focus on identifying the scope of the leak by reviewing how and where it surfaced, mapping out a chain of custody between the point of dissemination and the point of origin (such as a confidential meeting or internal file), and determining who had access to the information. Using this evidence, we make recommendations to prevent similar incidents, including cyber security review (such as forensic analysis of endpoints or tracing malware), improving access controls and security awareness, and auditing shared drives, email systems and communication platforms.