More than 20 gigabytes of proprietary data and source code from chipmaker Intel Corp. was dumped online by a third party, likely the result of a data breach from earlier this year.
The announcement of the “first 20gb release in a series of large Intel leaks” was made by user and IT consultant Tillie 1312 Kottmann #BLM on Twitter, who called the information “Intel exconfidential Lake Platform Release.”
“Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret,” according to the tweet.
Intel later confirmed the leak of the data, which was publicly available on BitTorrent feeds yesterday, in a published report on Ars Technica.
The data appears to be from the Intel Resource and Design Center, which hosts information for registered users who are typically Intel customers and partners, a spokeswoman said in the report. The information is provided to these users via the center under NDA.
Intel does not believe its network was breached, but rather that “an individual with access downloaded and shared this data,” she said. There also is a chance the information leaked is not current, something the company is currently trying to determine, the spokeswoman added.
It’s a very common practice for tech companies to share confidential information about forthcoming technology and product releases with their customers and partners before the information is publicly available.
Even with trusted relationships and NDAs in place, organizations still run the risk that this intellectual property (IP) will make it into the public forum before the company itself is prepared to publicize it, which is “often an unavoidable part of doing business,” said Erich Kron, a security awareness advocate at security firm KnowBe4.
“While this appears to be an issue related to a third party, it does underline the security concerns around intellectual property when working with business partners both up and down the supply chain,” he said in an email to Threatpost.
Indeed, while data breaches often are considered in the context of jeopardizing the privacy of clients or customers and the potential use of that data for financial gain by threat actors, a company’s IP can be just as valuable, and the results of it falling into the wrong hands just as damaging, Kron noted.
“This intellectual property can be very valuable to potential competitors, and even nation states, who often hope to capitalize on the research and development done by others,” he said.
Intel continues to investigate the incident, which is ongoing, as the attacker claims to have more data to release from the leak. This could actually help Intel “narrow down the source of the breach,” Chris Clements, vice president of Solutions Architecture at security firm Cerberus Sentinel, said in an email to Threatpost.
In the meantime, the leak highlights the constant challenge organizations face when balancing their distribution of non-public info outside of the company with ensuring that information isn’t misused or redistributed in an unauthorized way, he said.
“For the most part once the documents leave your network you have very little control of where they end up,” Clements said.