End User Sues ADT/Tyco For $42 Million

By Carlton Purvis, Published May 06, 2013, 12:00am EDT

It was the biggest drug heist in American history. Burglars drove an 18-wheeler up to the Eli Lilly distribution center in Enfield, Connecticut, disabled its security system, rappelled through the roof and made off with $75 million in pharmaceuticals. [UPDATE May 7, 2013 - case dismissed, then refiled with new claims against ADT / Tyco].

Last summer, the U.S. Attorney’s office indicted 11 people for selling drugs stolen from the facility, but the burglary case has centered around the Villa brothers, Amaury and Amed, who are now awaiting trial in Connecticut.

Eli Lilly’s insurance company, National Union Fire Insurance, is suing Tyco and ADT to recover money it paid out after the heist. National Union believes ADT’s failure to protect sensitive security information led to the heist and is asking for $42 million in damages. In this note, we review the complaint and situation.

Background

According to court filings, ADT has provided security equipment and monitoring for Eli Lilly’s Enfield locations since 1974. In August 2004, ADT reviewed the distribution center’s security system and provided Eli Lilly with a report that included an inventory of all its existing security equipment and suggestions for additional surveillance. Later that year, Eli Lilly signed a 5-year contract with ADT to implement the improvements noted in the report. The contract included annual inspections and reports.

In 2009, ADT again evaluated the Enfield facility, this time for a “review of the adequacy of the services provided” under the 2004 contract.

** ******** ** *** **** ******, which *** *** ******* *** **** or ******** ** *** ******** ** highlight *** ***************, *** **** *** included ******** *********** ** ****** *********, their *********** *****, *** ***** ****** their ****. ** ******** ********** ** the ******** ****** **** *********** ** “every ****** ********, ****, **** *****, intercom, ******** **** *******, ***** ******, panic ******, **** ********, ***** ***** sensor, *******, ******* ***** *** ******,” according ** *** ********* **** ******** Union. The ****** **** ***** **** *** master ******* **** *** *** ******* by ******* ** ****** *********.

*** “******** * ******** *** ******** report ** *********’* ******** ******** ****** created * “************* ***** ** ***** security ************* *** **** ******** ** that ******,” *** ********* ****. **** **** a ***** ***** *** ****** *** created ******* **** *** **** * tractor-trailer ***** ** ***************.

Too **** ************?

National Union believes thieves had access to the report and here is why (see the **** *********):

  • ***’* ******* *** ***** ** **** Raton, *******. *** *** *** ******** for *** ******** **** **** *******.
  • ******* ** *** *********** ******** ****** the *******-******* ** *** **** ******* dock ******* ** **** ** *** facility's ************ *******.
  • *** ******** ******* ****** ****** ** the **** *** ******* ** ******* a * **** ** * **** hole ***** *** ****** ******* **** -- *** **** **** *********** ** the **** ****** *** *** **** area ****** *** ******** *** ******* by ************ *********. ****, **** ******** the ******** ******.

*** ** **** ******** ** **************, however, *** ***** **** *** **** out **** ******* **** *** ***** could **** ****** *** ***** **** as ****** ** ******* **** ***. But ******** ***** ******** ******* ***** ADT-related ********** **** *** *** * leak *** *****. 

*** ********* ******** ********** ** ********** in *******, ***** *******, ***** *** East ******, ********. ** *** ** the **********, ***** ** ** *** back ** ****, *** ********** *** been ******** ******* ** ***.

**** ** ****** *****, *** *** indicted *** *** *** ***** ****, were ********* ** *** ** ****. Amaury *****’* ****** **** *** ******** ***** ** ******** ***** ***** involved** *** ******** ***** ******** ***** filed *** *********.

******** ***** ******** **** ***'* ******* to ********** ******* ** ********* ************ information ** * ******** ** ******* contributed ** *** ****. *** *******: ADT **** * ************* **********, **** not **** *****, * ******** ** burglarized ** ******* **** ******** ********* of ******** *******. 

Feedback **** ******** ***** / *** *****

* ************ *** *** ***** ******** all ********* ******* ** *** **** to ******** *****. * ************ *** National ***** **** **** ** *** talk ***** ******* **********, *** ** would *** **** ********** *********** ** could ******* **** ***** **** ***** outside ** *** ********* ******** ***** had ** ***’* **********.  

******** ***** **** *** *** ***** heist *** *********** *** *** ** negligent *** ******* ** ***** *** clients ** *** ********** ********* ******** alarm ******* *** ******* ** ********* sensitive ***********. *** “*** * **** to *** **** *** ********* **** multiple ********** ** ********** ** ***** it ******** ******** ********, *** ***** place ********* ************ *********** ***** *** details ** *** ******** ******* ** existence,” *** ********* *****. 

How *** ********* ******** ********* ****** ***********?

* **** ********** ******* ************** **** us ** *** **** **** **** could *** ***** ************ ** *** Eli ***** ****, *** **** ** was ******* *** ***** ***** ** reviews ** ******* ******** *********** **** blind ***** *** ***************. **** ******* contain * **** ** *********** ********* and **** ********* **** ******** *********. 

**** ********* ******* *** ********, **** are ****** ** * ****** ******* accessible ** **** **** ********* *** vulnerabilities *** *** ******** *** ** paper. *** ******** ******* **** *** discussed ** ****** ** ** *** phone, **** ****. 

“** *** * *** ** ****** jobs **** *********,” *** **** ************** said. “**** ****** **** * **** at ***** **** ********** ****** ***************.”

UPDATE: **** *********

** ***** ****, ******** ***** *********** dismissed *** **** ******* **** *** ADT,********* ** ***** ********* ******** *********. **** ***** *** ***** ***** Tyco ****** ****** ** *******. ** *** ******, **** **** Eli *****’* ******** **** ******** ***** blocks ** **** ***** ** *** Lilly’s ******. ************, *** ****** **** the **** *** ******* ***** ***********’* statute ** *********** *******.

* ****** *** ******** ***** ********* this ********* **** *** **** *** dismissed, *** ** “**** ** *** on *** ******* ******.”

******: *******

*** **** *** *** **** ***** in *******. ****** *** ****, ******** ***** ******** **** ****** and **** ***** *** ****** ** ADT's *******. ***** ***** *****, *** *****'* ******, said *** ***** **** *** **** what ********, ** ***, ******** ***** has ********** **** ** ****** ******** plans. ***** *** *****, *** ****, she *** ***** ***** ** *** clients ****** *** ***** ******** ***** as **** ** *** **********. 

“***** ********** ****’* ********. ***** *** things ****** *** ** ***** ********** that ****’* ****** ****,” **** *****’* lawyer. ***** **** ******** ***** ** also ***** *** ******.

Comments (1)

Whether the modality of the crime fits with an unsecured security assessment, it does provide a good opportunity for everyone to assess how this information is kept.

In so many cases, 'convenience' DOES NOT EQUAL 'secure'. Keeping these reports locked up behind firewalls and granting file access on explicit permissions seems to be especially prudent. Making a point to demonstrate the data security of this information to (potential) customers/management might put them more at ease.

Having copies of these docs floating around unsecured on laptops or cell phones invites nightmarish trouble!
