Bad times for the French firm Capgemini, whose trial against Razer has been going on for two weeks before the High Court of Justice in Singapore.
The ex-Capgemini employee suspected of having allowed a major data leak from Razer in spite of himself, changed his version of the facts during the trial.
An agreement is in the process of being found between the two parties.
It is an important trial that has been held since July 13 in the High Court of Justice of Singapore. Capgemini is attacked there for having disclosed the data of 100,000 customers of the firm Razer in free access on the Net, also revealing all the products developed by Razer and called to join the market during the last two years.
The damage, estimated at 7 million US dollars by the Singaporean IT company, could according to our information be the subject of common ground between the two parties. An amicable agreement around a sum equivalent to 10 million US dollars could be found soon.
It must be said that the progress of the procedure is made relatively delicate by the change of version, which occurred on July 21, of the now ex-employee of Capgemini, Mr. Argel Cabalag, suspected of having made the error leading to this leak.
Indeed, the latter has long denied as a whole being responsible for improper handling being the cause of the leak, which is no longer the case now. A report submitted on June 24 by a cybersecurity expert commissioned by Razer points to the potential guilt of Mr. Cabalag.
The origin is the addition of a hashtag in the line of code
The initial incident dates back more than two years, on June 18, 2020. On this date, Argel Cabalag is head of technology at Capgemini. Its client, Razer, is having difficulty resolving a problem with a server from the ELK suite, advised by Capgemini. Mr. Cabalag, trying to solve it, would have inadvertently added a hashtag in the line of code of the Kibana application, the latter ensuring the security of the ELK suite. A configuration error generated in a short window of 16 minutes which could therefore cost Capgemini dearly, knowing that Mr. Cabalag denied for a very long time having acted in this way with his management at the time.
The breach would however have been known to Razer as early as August 2020, without any reaction, then was spotted on September 9, 2022 by an independent security consultant. It is the latter who estimated the number of customer data made public, while ensuring that sensitive information such as the bank details of Razer customers, were not disseminated.
Argel Cabalag had managed, on September 10, 2020, to close the security breach. The differences between Capgemini and Razer around their potential liability in this case could therefore find a favorable outcome through the potential amicable agreement.
Sources: The Straits Times, Today Singapore
6