End User Sues ADT/Tyco For $42 Million

By: Carlton Purvis, Published on May 06, 2013

It was the biggest drug heist in American history. Burglars drove an 18-wheeler up to the Eli Lilly distribution center in Enfield, Connecticut, disabled its security system, rappelled through the roof and made off with $75 million in pharmaceuticals. [UPDATE May 7, 2013 - case dismissed, then refiled with new claims against ADT / Tyco].

Last summer, the U.S. Attorney’s office indicted 11 people for selling drugs stolen from the facility [link no longer available], but the burglary case has centered around the Villa brothers, Amaury and Amed, who are now awaiting trial in Connecticut [link no longer available]. 

Eli Lilly’s insurance company, National Union Fire Insurance, is suing Tyco and ADT to recover money it paid out after the heist. National Union believes ADT’s failure to protect sensitive security information led to the heist and is asking for $42 million in damages. In this note, we review the complaint and situation.

Background

According to court filings, ADT has provided security equipment and monitoring for Eli Lilly’s Enfield locations since 1974. In August 2004, ADT reviewed the distribution center’s security system and provided Eli Lilly with a report that included an inventory of all its existing security equipment and suggestions for additional surveillance. Later than year, Eli Lilly signed a 5-year contract with ADT to implement the improvements noted in the report. The contract included annual inspections and reports.

In 2009, ADT again evaluated the Enfield facility, this time to “review of the adequacy of the services provided” under the 2004 contract.

In contrast to the 2004 report, which did not include any maps or diagrams of the facility or highlight any vulnerabilities, the 2010 one included detailed information on camera locations, their directional views, and items within their view. It included blueprints of the facility marked with coordinates of “every motion detector, beam, roof hatch, intercom, overhead door contact, fixed camera, panic button, card recorder, glass break sensor, contact, control panel and keypad,” according to the complaint from National Union. The report also noted that the master control room was not covered by cameras or motion detectors.

ADT “compiled a complete and thorough report of Plaintiff’s existing security system created a “comprehensive guide to every security vulnerability and flaw inherent in that system,” the complaint says. Less than a month after the report was created someone made off with a tractor-trailer worth of pharmaceuticals.

Too Many Coincidences?

National Union believes thieves had access to the report and here is why (see the full complaint):

  • ADT’s offices are based in Boca Raton, Florida. The two men indicted for the burglary were from Florida.
  • Thieves at the Connecticut facility parked the tractor-trailer at the only loading dock outside of view of the facility's surveillance cameras.
  • The burglars crossed entire length of the roof and entered by cutting a 2 foot by 2 foot hole above the master control room -- the same area highlighted in the 2010 report and the only area inside the facility not covered by surveillance equipment. Then, they disabled the security system.

All of this evidence is circumstantial, however, and still does not rule out that someone from Eli Lilly could have leaked the plans just as easily as someone from ADT. But National Union believes several other ADT-related burglaries show ADT had a leak for years. 

The complaint includes narratives of burglaries in Orlando, Grand Prairie, Texas and East Peoria, Illinois. In all of the burglaries, which go as far back as 2008, the facilities had been recently audited by ADT.

Amed or Amaury Villa, the men indicted for the Eli Lilly case, were connected to two of them. Amaury Villa’s lawyer says she had never heard of security plans being involved in the burglary until National Union filed its complaint.

National Union believes that ADT's efforts to centralize storage of sensitive confidential information to a facility in Florida contributed to the leak. The pattern: ADT does a vulnerability assessment, then not long after, a facility is burglarized by thieves with advanced knowledge of security systems. 

Feedback from National Union / Eli Lilly

A spokesperson for Eli Lilly referred all questions related to the case to National Union. A spokesperson for National Union said they do not talk about pending litigation, but he would see what additional information he could provide when asked what proof outside of the complaint National Union had of ADT’s negligence.  

National Union says the Eli Lilly heist was foreseeable and ADT is negligent for failing to alert its clients of the burglaries involving bypassed alarm systems and failing to safeguard sensitive information. ADT “had a duty to act upon the knowledge that multiple burglaries of facilities in which it provided security services, had taken place utilizing confidential information about the details of the security systems in existence,” the complaint reads. 

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

How Are Companies Securing Sensitive Client Information?

A Tyco Integrated Systems representative told us at ISC West that they could not speak specifically on the Eli Lilly case, but that it was unusual for these kinds of reviews to contain detailed information like blind spots and vulnerabilities. They usually contain a list of recommended equipment and only sometimes list existing equipment. 

When sensitive reports are produced, they are stored on a secure network accessible to only Tyco employees and vulnerabilities are not commonly put on paper. For security reasons they are discussed in person or on the phone, they said. 

“We see a lot of inside jobs from companies,” one Tyco representative said. “They should take a look at their loss prevention people and that turnover.”

UPDATE: Case Dismissed

On April 16th, National Union voluntarily dismissed its case against Tyco and ADT, according to court documents released yesterday. This comes two weeks after Tyco filed a motion to dismiss. In its motion, Tyco says Eli Lilly’s contract with National Union blocks it from suing on Eli Lilly’s behalf. Additionally, the motion says the suit was brought after Connecticut’s statute of limitations expired.

A lawyer for National Union confirmed this afternoon that the case was dismissed, but to “keep an eye on the Florida docket.”

UPDATE: Refiled

The case has now been filed in Florida. In this new suit, National Union directly says Amaury and Amed Villa had access to ADT's records. Maria Elena Perez, the Villa's lawyer, said she still does not know what evidence, if any, National Union has connecting them to leaked security plans. Until the suits, she said, she had never heard of her clients having Eli Lilly security plans as part of the burglaries. 

“Civil complaints aren’t evidence. There are things people say in civil complaints that aren’t always true,” said Villa’s lawyer. Perez said National Union is also suing her client.

Comments (1) : Members only. Login. or Join.

Related Reports

France Declares School Facial Recognition Illegal Due to GDPR on Oct 31, 2019
France is the latest European country to effectively prohibit facial recognition as a school access control solution, even with the consent of...
UK Facewatch GDPR Compliance Questioned on Aug 27, 2019
Even as the GDPR strictly regulates biometrics, a UK company called Facewatch is selling anti-shoplifter facial recognition systems to hundreds of...
First GDPR Facial Recognition Fine For Sweden School on Aug 22, 2019
A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is...
New GDPR Guidelines for Video Surveillance Examined on Jul 18, 2019
The highest-level EU data protection authority has issued a new series of provisional video surveillance guidelines. While GDPR has been in...
First Video Surveillance GDPR Fine In France on Jul 08, 2019
The French government has imposed a sizeable fine on a small business for violating the GDPR after it constantly filmed employees without informing...
Security / Privacy Journalist Sam Pfeifle Interview on May 24, 2019
Sam Pfeifle is best known as the outspoken former Editor of Security Systems News. After that, he was publications director at the International...
Bank Security Manager Interview on May 15, 2019
Bank security contends with many significant threats - from fraudsters to robbers and more. In this interview, IPVM spoke with bank security...
San Francisco Face Recognition Ban And Surveillance Regulation Details Examined on May 14, 2019
San Francisco passed the legislation 8-1 today. While the face recognition 'ban' has already received significant attention over the past few...
ADT's Top Dealer "The Defenders" Sued 20+ Times on May 07, 2019
ADT's largest authorized dealer, The Defenders, has been sued more than 20 times since 2012, IPVM has verified through analyzing legal...
UK Camera Commissioner Calls for Regulating Facial Recognition on Apr 15, 2019
IPVM interviewed Tony Porter, the UK’s surveillance camera commissioner after he recently called for regulations on facial recognition in the...

Most Recent Industry Reports

Athena CEO Criticizes 'Deplorable' 'Nitpicking', IPVM Refutes on Mar 27, 2020
Athena Security's CEO Lisa Falzone has strongly objected to IPVM's reporting on Athena, calling it 'deplorable' and repeatedly criticizing IPVM's...
Hikvision Admits Sanctions Harming Its Financial Performance on Mar 27, 2020
While Hikvision initially downplayed being sanctioned for human rights abuses, the company is now admitting a significant impact in a new PRC...
New Axis M30 Cameras Tested on Mar 26, 2020
Axis has released a new generation of, for them, relatively low cost M30 series cameras, claiming to deliver "sharp video quality even in poor...
Coronavirus Shuts Down ADT Door Knockers on Mar 26, 2020
Coronavirus has another victim - this time, alarm giant ADT has stopped all door to door sales. Door knockers are a critical but controversial...
Access Control Course Spring 2020 - Save $50 Last Day on Mar 26, 2020
Register Now - Spring 2020 Access Control Course. Today, March 26th is the last day to save $50. IPVM offers the most comprehensive access...
Convergint Coronavirus Cuts on Mar 25, 2020
One of the world's largest security integrators, Convergint, has made a major move to handle the impact of coronavirus, with cuts across the...
VSaaS 101 on Mar 25, 2020
Video Surveillance as a Service (VSaaS) is the common industry term for cloud video. But what does it mean? How does it all work? Inside this...
TVT / InVid Facial Recognition Tested on Mar 25, 2020
Facial recognition is frequently sold for thousands of dollars per channel but some China manufacturers are offering full facial recognition...
IPVM Launches On-Demand Courses on Mar 24, 2020
For nearly a decade, IPVM has been a leader in online live courses. Now, we have added on-demand versions for all courses. The same course...