In 2024 and 2025, Intel faced one of the most significant insider data theft cases in the technology sector. The breach occurred during a period of mass layoffs and financial instability, exposing weaknesses in Intel’s offboarding and cybersecurity protocols. It also underscored the persistent risk posed by trusted insiders with privileged access.
The incident centered on Jinfeng Luo, a software engineer who joined Intel in 2014 and worked in Seattle. Luo specialized in electronic design automation tools and had access to highly sensitive repositories. After receiving a termination notice on July 7, 2024, with his final day set for July 31, Luo retained full system access during his notice period. This window proved critical.
On July 23, Luo attempted to copy files to an external hard drive, but Intel’s data loss prevention (DLP) systems blocked the transfer. Three days before his departure, he tried again using a personal network‑attached storage (NAS) device. This method bypassed endpoint restrictions and allowed him to exfiltrate approximately 18,000 files, including documents marked “Intel Top Secret” (PCMag, 2025; Cybernews, 2025).
The stolen data included unreleased processor design specifications, Secure Enclave program files tied to defense projects, internal strategy documents, communications with the U.S. Department of Commerce, product development files, and supplier agreements (Tom’s Hardware, 2025). The inclusion of government‑related files raised national security concerns, while the theft of unreleased chip designs posed a direct competitive threat.
Intel’s DLP and endpoint detection and response (EDR) systems flagged Luo’s initial attempt with the external drive. However, the NAS transfer went undetected until after most of the data had been stolen. Once anomalies were identified, Intel revoked Luo’s credentials, launched a forensic investigation, and notified government agencies. The company later filed a lawsuit in the U.S. District Court for the Western District of Washington, seeking damages and injunctive relief under the Defend Trade Secrets Act and the Computer Fraud and Abuse Act (Mercury News, 2025).
Despite these steps, Intel faced criticism for delayed access revocation and gaps in offboarding protocols. Luo’s disappearance complicated recovery efforts, and the company was unable to retrieve the stolen data.
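The gap described above, an endpoint DLP block followed days later by an unnoticed network transfer during the notice period, is something a correlation rule can surface. The following is an added example, not Intel's tooling or code from the cited reports; the event format, user and host names, and thresholds are assumptions, and the sample events are constructed to mirror the dates in this article.

```python
from datetime import date, timedelta

# Constructed sample data (not real logs); dates mirror the timeline in the article.
NOTICE_PERIODS = {"departing_user": (date(2024, 7, 7), date(2024, 7, 31))}  # HR feed (assumed)
CORPORATE_HOSTS = {"fs01.corp.example"}  # sanctioned file servers (assumed)
EVENTS = [
    # (day, user, source, action, destination, file_count)
    (date(2024, 7, 10), "departing_user", "netflow", "smb_write", "fs01.corp.example", 40),
    (date(2024, 7, 23), "departing_user", "dlp", "usb_copy_blocked", "usb-disk", 0),
    (date(2024, 7, 28), "departing_user", "netflow", "smb_write", "nas.home.example", 18000),
    (date(2024, 7, 28), "other_user", "netflow", "smb_write", "nas.home.example", 18000),
]

def in_notice(user, day, notice_periods):
    """True if `day` falls between the user's termination notice and final day."""
    period = notice_periods.get(user)
    return period is not None and period[0] <= day <= period[1]

def find_alerts(events, notice_periods, corporate_hosts,
                bulk_threshold=500, lookback=timedelta(days=14)):
    """Alert on notice-period users writing files in bulk to unsanctioned hosts.

    Severity is 'critical' when an endpoint DLP block for the same user
    precedes the transfer within `lookback`: the blocked attempt is an early
    warning, and the network path is a channel the endpoint control missed.
    """
    alerts = []
    blocks = {}  # user -> dates of DLP blocks seen so far
    for day, user, source, action, dest, count in sorted(events, key=lambda e: e[0]):
        if source == "dlp" and action.endswith("_blocked"):
            blocks.setdefault(user, []).append(day)
            continue
        if action != "smb_write" or dest in corporate_hosts:
            continue  # only network writes to hosts outside the allowlist
        if count < bulk_threshold or not in_notice(user, day, notice_periods):
            continue
        prior = any(timedelta(0) <= day - b <= lookback for b in blocks.get(user, []))
        alerts.append({"user": user, "day": day, "dest": dest, "files": count,
                       "severity": "critical" if prior else "high"})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS, NOTICE_PERIODS, CORPORATE_HOSTS):
        print(alert)
```

The rule depends on the HR notice feed reaching the security team on the day notice is given; without it, the bulk transfer looks like any other network write.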
Luo’s motives remain unclear. Possible drivers include retaliation after termination, leveraging data for future employment, espionage, or financial gain. Similar cases have occurred before. For example, former Intel engineer Varun Gupta stole thousands of files before joining Microsoft, later facing probation and fines (Economic Times, 2025). These precedents highlight the recurring challenge of insider risk in the semiconductor industry.
The theft occurred alongside other security issues at Intel. In August 2024, a white hat hacker uncovered flaws in internal websites that exposed employee and supplier data. While unrelated to Luo’s actions, these vulnerabilities revealed systemic weaknesses in access control and credential management (Cybernews, 2024).
The Intel case offers several key takeaways for organizations:
Intel’s insider data theft incident illustrates the sophistication of modern insider threats and the limitations of traditional defenses. Even with advanced tools, lapses in access management and offboarding can create exploitable gaps. For enterprises, the lesson is clear: insider risk must be addressed with a mix of technical, procedural, and cultural safeguards. Zero trust, proactive monitoring, and strong offboarding protocols are no longer optional; they are essential.