End User Sues ADT/Tyco For $42 Million

By: Carlton Purvis, Published on May 06, 2013

It was the biggest drug heist in American history. Burglars drove an 18-wheeler up to the Eli Lilly distribution center in Enfield, Connecticut, disabled its security system, rappelled through the roof and made off with $75 million in pharmaceuticals. [UPDATE May 7, 2013 - case dismissed, then refiled with new claims against ADT / Tyco].

Last summer, the U.S. Attorney’s office indicted 11 people for selling drugs stolen from the facility [link no longer available], but the burglary case has centered around the Villa brothers, Amaury and Amed, who are now awaiting trial in Connecticut [link no longer available]. 

Eli Lilly’s insurance company, National Union Fire Insurance, is suing Tyco and ADT to recover money it paid out after the heist. National Union believes ADT’s failure to protect sensitive security information led to the heist and is asking for $42 million in damages. In this note, we review the complaint and situation.

Background

According to court filings, ADT has provided security equipment and monitoring for Eli Lilly’s Enfield locations since 1974. In August 2004, ADT reviewed the distribution center’s security system and provided Eli Lilly with a report that included an inventory of all its existing security equipment and suggestions for additional surveillance. Later than year, Eli Lilly signed a 5-year contract with ADT to implement the improvements noted in the report. The contract included annual inspections and reports.

In 2009, ADT again evaluated the Enfield facility, this time to “review of the adequacy of the services provided” under the 2004 contract.

In contrast to the 2004 report, which did not include any maps or diagrams of the facility or highlight any vulnerabilities, the 2010 one included detailed information on camera locations, their directional views, and items within their view. It included blueprints of the facility marked with coordinates of “every motion detector, beam, roof hatch, intercom, overhead door contact, fixed camera, panic button, card recorder, glass break sensor, contact, control panel and keypad,” according to the complaint from National Union. The report also noted that the master control room was not covered by cameras or motion detectors.

ADT “compiled a complete and thorough report of Plaintiff’s existing security system created a “comprehensive guide to every security vulnerability and flaw inherent in that system,” the complaint says. Less than a month after the report was created someone made off with a tractor-trailer worth of pharmaceuticals.

Too Many Coincidences?

National Union believes thieves had access to the report and here is why (see the full complaint):

  • ADT’s offices are based in Boca Raton, Florida. The two men indicted for the burglary were from Florida.
  • Thieves at the Connecticut facility parked the tractor-trailer at the only loading dock outside of view of the facility's surveillance cameras.
  • The burglars crossed entire length of the roof and entered by cutting a 2 foot by 2 foot hole above the master control room -- the same area highlighted in the 2010 report and the only area inside the facility not covered by surveillance equipment. Then, they disabled the security system.

All of this evidence is circumstantial, however, and still does not rule out that someone from Eli Lilly could have leaked the plans just as easily as someone from ADT. But National Union believes several other ADT-related burglaries show ADT had a leak for years. 

The complaint includes narratives of burglaries in Orlando, Grand Prairie, Texas and East Peoria, Illinois. In all of the burglaries, which go as far back as 2008, the facilities had been recently audited by ADT.

Amed or Amaury Villa, the men indicted for the Eli Lilly case, were connected to two of them. Amaury Villa’s lawyer says she had never heard of security plans being involved in the burglary until National Union filed its complaint.

National Union believes that ADT's efforts to centralize storage of sensitive confidential information to a facility in Florida contributed to the leak. The pattern: ADT does a vulnerability assessment, then not long after, a facility is burglarized by thieves with advanced knowledge of security systems. 

Feedback from National Union / Eli Lilly

A spokesperson for Eli Lilly referred all questions related to the case to National Union. A spokesperson for National Union said they do not talk about pending litigation, but he would see what additional information he could provide when asked what proof outside of the complaint National Union had of ADT’s negligence.  

National Union says the Eli Lilly heist was foreseeable and ADT is negligent for failing to alert its clients of the burglaries involving bypassed alarm systems and failing to safeguard sensitive information. ADT “had a duty to act upon the knowledge that multiple burglaries of facilities in which it provided security services, had taken place utilizing confidential information about the details of the security systems in existence,” the complaint reads. 

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

How Are Companies Securing Sensitive Client Information?

A Tyco Integrated Systems representative told us at ISC West that they could not speak specifically on the Eli Lilly case, but that it was unusual for these kinds of reviews to contain detailed information like blind spots and vulnerabilities. They usually contain a list of recommended equipment and only sometimes list existing equipment. 

When sensitive reports are produced, they are stored on a secure network accessible to only Tyco employees and vulnerabilities are not commonly put on paper. For security reasons they are discussed in person or on the phone, they said. 

“We see a lot of inside jobs from companies,” one Tyco representative said. “They should take a look at their loss prevention people and that turnover.”

UPDATE: Case Dismissed

On April 16th, National Union voluntarily dismissed its case against Tyco and ADT, according to court documents released yesterday. This comes two weeks after Tyco filed a motion to dismiss. In its motion, Tyco says Eli Lilly’s contract with National Union blocks it from suing on Eli Lilly’s behalf. Additionally, the motion says the suit was brought after Connecticut’s statute of limitations expired.

A lawyer for National Union confirmed this afternoon that the case was dismissed, but to “keep an eye on the Florida docket.”

UPDATE: Refiled

The case has now been filed in Florida. In this new suit, National Union directly says Amaury and Amed Villa had access to ADT's records. Maria Elena Perez, the Villa's lawyer, said she still does not know what evidence, if any, National Union has connecting them to leaked security plans. Until the suits, she said, she had never heard of her clients having Eli Lilly security plans as part of the burglaries. 

“Civil complaints aren’t evidence. There are things people say in civil complaints that aren’t always true,” said Villa’s lawyer. Perez said National Union is also suing her client.

Comments (1) : Members only. Login. or Join.

Related Reports

ADI Branch Burglary on Apr 03, 2020
A security systems distributor branch is an odd target for burglary but that happened this week at ADI's Memphis location. Vehicle Smash &...
Washington DC Surveillance Hackers Arrested on Dec 29, 2017
The US Department of Justice has announced that "Two Romanian Suspects Charged With Hacking of Metropolitan Police Department Surveillance Cameras...
Axis Bad Marketing - Panoramic Commercial on Nov 23, 2018
Axis is bad at marketing. Recall last month - Axis: "No One Wants To Buy A Camera" and, more generally their 2018 production introductions. But...
Verkada Salesman Falsely Alleges Competitor Bankruptcy on Jan 02, 2020
A Verkada salesman falsely told a large end-user that the user's VMS provider faced bankruptcy. Verkada management acknowledged the error to...
Eagle Eye Networks Cloud VMS Tested on Jul 26, 2018
Eagle Eye has become one of the most significant players in the industry in the past few years: Eagle Eye's Owner Acquired Brivo Eagle Eye...
Start Up Safe Zone $150 Gunfire Detector Profile on Mar 06, 2019
While gunfire detectors have been around for years, typically they are limited to enterprise level or municipal deployments. Startup AVidea, makers...
Hikvision USA Misleads Dealers On Backdoor on Oct 03, 2017
Hikvision USA emailed their dealers overnight with their 5th cyber security 'special bulletin' of the year. Misleading Unfortunately, they...
When Your Salesperson Creates An International Incident (Amazon / ICE) on Oct 23, 2018
Having your salespeople be aggressive and go after big accounts is a virtue, mostly. On occasions, it can cause problems. A new case involves...
Covert Facial Recognition Using Axis and Amazon By NYTimes on May 20, 2019
What if you took a 33MP Axis camera covering one of the busiest parks in the US and ran Amazon Facial Recognition against it? That is what the...
Assa Abloy Acquires August on Oct 25, 2017
The mega access control manufacturer, Assa Abbloy, has acquired [link no longer available] one of the most well funded access control startups,...

Most Recent Industry Reports

Sperry West / Alibaba Tablet Temperature Measurement Tested on Jul 07, 2020
In April, we ordered a ~$500 temperature tablet from Alibaba. We set it to the side while doing 18 other temperature screening tests but, after...
Video Surveillance 101 Book Released on Jul 07, 2020
IPVM's unique introduction to video surveillance series is now available as a 145-page eBook. Designed for managers, salespeople, and engineers new...
Startup Duranc Presents AI VSaaS on Jul 06, 2020
Duranc presented its system at the May 2020 IPVM Startups show. A 30-minute video from Duranc including IPVM Q&A Background on the...
Low Voltage Nation Wants to "Help You Carve Out A Fulfilling Career" Interviewed on Jul 06, 2020
It is difficult to make your way in this industry as there is little formal schooling. However, one person, Blake Urmos, the Founder of Low Voltage...
The Next Hot Fever Detection Trend - $100 Wall-Mounted Units on Jul 06, 2020
The first wave of the booming fever detecting market was $10,000+ cameras, now interest for ~$2,000 tablets is high and the next big thing may be...
Cisco Meraki Unlocks IP Cameras With RTSP Tested on Jul 06, 2020
Meraki opened up its cameras to 3rd party NVRs/VMSes by offering RTSP streaming because of "the need to solve a business problem". We tested...
Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing campaign using NBCUniversal's assets was not allowed. Hikvision mass...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI on Jul 02, 2020
Vintra presented its FulcrumAI object recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...