Rockstar Games Firings: A Case Study in Insider Threats

Rockstar Games, the studio behind Grand Theft Auto, has once again found itself in the spotlight. This time it is not because of a game release but because of a wave of firings that the company says were tied to insider leaks of confidential information. The controversy has raised questions about how insider threats are defined, how they are managed, and whether companies sometimes use the label of “leak” to justify broader labor actions.

Who Was Involved

In late October 2025, Rockstar terminated between 30 and 40 employees across its UK and Canadian offices. The company described the dismissals as cases of gross misconduct. The Independent Workers’ Union of Great Britain (IWGB) quickly stepped in, claiming that the firings were not about leaks at all but about union activity. According to the union, all of the dismissed employees were part of a private Discord group where union organizers occasionally joined discussions (Eurogamer, 2025).

What Happened

Rockstar’s official position is that employees were sharing confidential information in public forums. The company classified this as a breach of trust and a violation of its policies. From a security perspective, this fits the definition of an insider threat: individuals with legitimate access to sensitive data who disclose it without authorization.

The union disputes this characterization. They argue that the conversations were about workplace conditions and organizing, not about leaking intellectual property. This distinction matters because if the information was related to union activity rather than proprietary game development, then calling it an insider threat may be misleading.

When It Occurred

The firings took place in October 2025, but the roots of Rockstar’s heightened sensitivity to leaks go back to September 2022. That was when the studio suffered one of the largest leaks in gaming history. More than 90 videos of early Grand Theft Auto VI development footage were stolen and published online. The breach cost Rockstar millions of dollars and thousands of developer hours to recover from (BBC, 2022).

Since then, the company has taken a hard line on leaks. In 2024, Rockstar mandated a full return to office policy, citing the need to reduce leak risks. That decision was criticized by unions as reckless and anti-worker (Eurogamer, 2024).

Where It Took Place

The recent terminations affected Rockstar’s offices in the UK and Canada. These locations are significant because they have active labor organizing efforts. The IWGB has been vocal in representing UK based developers, while Canadian labor laws provide different protections. The geographic spread shows that Rockstar was not targeting a single office but applying its insider threat policies across multiple regions.

Why Rockstar Took Action

Rockstar’s justification is straightforward. The company says it cannot tolerate leaks of confidential information, especially given the scale of past breaches. Protecting intellectual property like Grand Theft Auto VI is a billion dollar priority. From their perspective, any disclosure outside approved channels is a threat to the business.

The union’s explanation is very different. They argue that the firings were an attempt to disrupt union organizing and silence dissent. IWGB called it “one of the most ruthless acts of union busting in UK games industry history” (Eurogamer, 2025).

How It Was Discovered and Managed

Rockstar has not disclosed the exact method by which it discovered the alleged leaks. What is clear is that the company monitored employee communications and identified the Discord group as a source of concern. Once the group was linked to discussions about confidential information, Rockstar classified it as misconduct and moved quickly to terminate those involved.

The company’s response was decisive but controversial. By framing the issue as insider threat, Rockstar positioned itself as defending its intellectual property. By contrast, the union framed the same events as an attack on worker rights.

Insider Threat Perspective

From a security lens, this case is a textbook example of how insider threat programs can intersect with labor disputes. The statistics are striking: 30 to 40 employees terminated in one sweep, all linked to a private communication channel. That scale of action is rare in insider threat cases, which usually involve one or two individuals.

The Rockstar case highlights three key lessons for insider threat management:

1. Clear definitions matter. If companies classify union discussions as leaks, they risk eroding trust and credibility in their insider threat programs.
2. Transparency is critical. Employees need to understand what constitutes confidential information and how it should be handled.
3. Balance is essential. Over classifying normal employee activity as insider threat can fuel disputes, while under classifying genuine leaks can expose billion dollar projects.

For security teams, the Rockstar firings are a reminder that insider threat management is not just about technology and monitoring. It is also about culture, communication, and the fine line between protecting intellectual property and respecting worker rights.

Sources

• BBC News. “Grand Theft Auto VI footage leaked online in major security breach.” September 2022. https://www.bbc.com/news/technology-62947155
• Eurogamer. “Rockstar fires dozens of employees over alleged leaks, union calls it union busting.” October 2025. https://www.eurogamer.net/rockstar-fires-dozens-of-employees-over-alleged-leaks-union-calls-it-union-busting
• Eurogamer. “Rockstar mandates return to office, unions call it reckless.” March 2024. https://www.eurogamer.net/rockstar-mandates-return-to-office-unions-call-it-reckless