The Chipmaker Intel is investigating a leak of intellectual property from its partner & Customer Resource Centre.
Over 20GB of proprietary data & source code from Intel Corp. was put online by a 3rd party, probably the result of a data breach from earlier in 2020.
The announcement of the “first 20gb release in a series of large Intel leaks” was made by user & IT Consultant Tillie 1312 Kottmann #BLM by Twitter, who described the information “Intel exconfidential Lake Platform Release.”
“Most of the things here have NOT been published ANYWHERE before & are classified as confidential, under NDA or Intel Restricted Secret,” says the tweet.
Intel later confirmed the leak of the data, which was publicly available on BitTorrent feeds in a published report on Ars Technica.
The data seems to be from the Intel Resource & Design Centre, which hosts information for registered users who are typically Intel customers & partners, a spokeswoman commented in the report. The information is provided to these users via the centre under NDA.
Intel does not believe its network was actually breached, but rather that “an individual with access downloaded & shared this data,” she suggested. There also is a chance the information leaked is not current, something the company is currently trying to determine, the spokeswoman further added.
It is a v. common practice for tech companies to share confidential information about forthcoming technology & product releases with their customers & partners before the information is publicly available.
Even with trusted relationships & NDAs in place, organisations still risk that this intellectual property (IP) will make it into the public forum before the company itself is prepared to publicise it, which is “often an unavoidable part of doing business,” suggested Erich Kron, a Security Awareness Advocate at security firm KnowBe4.
“While this appears to be an issue related to a 3rd party, it does underline the security concerns around intellectual property when working with business partners both up & down the supply chain,” he mentioned in an email.
While data breaches often are considered in the context of threatening the privacy of clients or customers, & the potential use of that data for financial gain by threat players, a company’s IP can be just as valuable, & the results of it falling into the wrong hands just as damaging, Kron noted.
“This intellectual property can be very valuable to potential competitors, & even nation states, who often hope to capitalize on the research & development done by others,” he commented.
Intel continues to investigate the ongoing incident, as the attacker claims to have more data to release from the leak. This could actually help Intel “narrow down the source of the breach,” Chris Clements, VP of Solutions Architecture at security firm Cerberus Sentinel, commented in an email.
Meanwhile, the leak highlights the constant challenge organisations face when balancing their distribution of non-public info outside of the company with ensuring that information is not misused or redistributed in an unauthorised way, he explained.
“For the most part, once the documents leave your network you have very little control of where they end up,” Clements concluded.