Walmart Vendor’s Employees Face F.B.I. Inquiry for Snooping on Retailer’s Internal Emails

March 8, 2019

The F.B.I. is investigating whether employees of one of Walmart’s technology contractors obtained sensitive information by monitoring email accounts at the retail giant, including those of several executives.

The investigation into the employees of Compucom is described in an application for a search warrant filed by the F.B.I. in federal court. It was approved by a federal judge in Fayetteville, Ark. in August.

In the court filing, the F.B.I. accused the Compucom employees of sifting through internal Walmart correspondence in search of information that could give the firm an edge over competitors. In at least one instance, the filing says, the Compucom employees obtained information that may have helped the firm submit a winning bid.

A spokesman for Compucom, which was acquired by Office Depot for $1 billion in 2017, said the company was cooperating in the investigation.

“As this is an active investigation, we cannot comment on the matter,” the company said in a statement.

The case exposes a potential vulnerability for companies that rely on contractors for technical work, giving outsiders broad access to sensitive internal documents with little oversight in the process. It also raises questions about how technicians hired to support the computer system of one of the world’s largest and most insular corporations were able to gather information from employee emails.

As described in the F.B.I. document, the scheme ran from late 2015 through early 2016 and does not appear to have been particularly sophisticated: A Compucom employee working on Walmart’s technical help desk used his personal email account to relay information gleaned from company emails to his supervisors.

A spokeswoman for the F.B.I. declined to comment.

The scheme was discovered after a Compucom technician took a photo of an email about an internal Walmart disciplinary matter and sent it to a Walmart employee he had been chatting with on an instant messaging system, according to the F.B.I. filing.

The photo was then forwarded accidentally to the daughter of a second Walmart employee who reported it to the company’s security department. Walmart filed a complaint with the F.B.I. about the suspected breach in September 2016.

A Walmart spokesman said the company terminated its contract with Compucom and has put in place “new tools to improve our monitoring process” of I.T. contractors in light of the incident. Walmart said its own investigation into the matter showed no customer information was compromised.

“Companies with an extensive communications network like ours require the support of different partners and a high level of trust,” the spokesman, Randy Hargrove, said. “We relied on this vendor but their personnel abused their access and we want those responsible to be held accountable.”

When a Walmart executive who managed the retailer’s technology operations confronted a Compucom manager about the breach, the contractor blamed it on a “bad employee” and said the firm had “made changes to fix the issue,” the F.B.I. document says.

But, according to the document, the scheme involved several Compucom employees.

Investigators found that one of the contractor’s employees had gained access to the email accounts of Walmart’s chief executive and others involved in approving contracts with vendors like Compucom, the filing says.

The Compucom employee, according to the F.B.I., would scroll through Walmart emails to obtain information about competing contractors’ bids and then pass what he learned on to his managers.

Those managers provided the employee a list of Walmart employees whose emails they should try to get a look at to gain an edge in the bidding process. Walmart, the world’s largest retailer, was an important customer for Compucom, which maintained an office in Bentonville, Ark., near Walmart headquarters.

Founded in 1987, Compucom describes itself as “the largest employee field technician work force in North America.” It says that it works with small businesses as well as major corporations, “including six of the top 10 Fortune 500 companies.”

Office Depot bought Compucom as a first step toward broadening its business beyond selling office supplies in stores to include offering technology services to companies.

Let's block ads! (Why?)