Ex-UBS Employee Suspected of Data Theft Becomes a Fugitive

A former UBS employee, known as “Rene S.” is suspected of commercial espionage, believed to have stolen account and financial details on more than 200 UBS clients back in 2010 and selling the data to German tax officials for $1.3 million. According to Bloomberg, the accused has gone missing.

What’s most fascinating about this story is the lack of detail it appears UBS has to conclusively identify “Rene S.” as the threat actor. Let’s look at how UBS knows it was Rene S.

If it was your organization, you’d like to know based on logged user activity data from the application hosting the data stolen, right.? In the case of UBS, it was mere deduction; according to UBS human resources, the bank identified Rene as the perpetrator through a process of elimination based on who had access to all systems involved.

The problem with this method is it doesn’t conclusively prove which person is responsible – sure, Rene’s user account has all the access necessary, but that doesn’t mean he did it. In fact, another UBS employee asserted that it was actually a computer technician that stole the data.

While we’re not sure how this trial will end up (particularly if the accused doesn’t show up), but we do know one thing – employers need conclusive evidence that will stand up in court when it comes to data theft.

Organizations with data sensitive enough to take someone to court should it be stolen need to have an unalterable audit trail that provides a clear picture of who performed the act, what actions were taken, and provide activity detail before and after the data theft (e.g., communications with, in UBS’ case, the German tax authorities, or the transferring of files via webmail, file sharing, etc.). Those organizations leveraging Employee Monitoring Software have visibility into all aspects of a user’s interaction with the network, systems, applications, and data. With playback of screen recordings, demonstrating what transpired makes cases like UBS’ open and shut.