This blog post was a collaboration between Stratford Intellectual Property and Click Armor
Gaming giant Electronic Arts made headlines recently as the latest victim in a cybersecurity attack. What makes this case interesting is that it appears the hackers did not steal customer information, but instead proprietary source code. Furthermore, they had no intent of ransoming it back to EA, but instead selling it to the highest bidder. As the number of cyberattacks increases, companies must be vigilant about their IP protection strategies.
Electronic Arts (EA) is a world-leading video game company that is known primarily for providing great entertainment experiences for its customers. One of the keys to its success is that it has some unique intellectual property (IP) for delivering games in a very profitable way, as its customers pay a price for access.
In June 2021, the company suffered a serious security breach when nearly 800 gigabytes of data, including source code for its FIFA 2021 and Frostbite games, was stolen.
This kind of security breach can have a devastating effect on any business, especially if its business model relies heavily on its IP (When news of the security breach was made public, shares of EA fell an estimated 2.4% to a session low of $142.31).
Unfortunately for companies like EA, hackers are increasingly trying to break in and steal their IP, which is known to be their competitive advantage.
EA has a large patent portfolio (over 1000 patents), presumably covering much of what was stolen in the breach. Because of this, it is possible that they can pursue legal action beyond trade secret theft, for patent infringement.
However, most of their patent portfolio was filed in the US only, which means that the protection afforded by a patent is only enforceable within the United States. Meaning that everything that is disclosed within these patent documents can be used or sold outside of the US as it will now be deemed to have been publicly disclosed and is no longer a trade secret.
It is fair to expect that EA knew that it needed to maintain security around its systems and data. The company may have been confident that they had “enough security” to protect their IP but may not have realized how vulnerable they really were to its theft.
It’s possible that EA’s management didn’t realize they were a big enough target that attackers would do almost anything to breach them. In a large organization with a range of valuable assets like source code and specialized tools, it can be difficult to make sure that there is a proper balance of security, based on “people, process and technology”, to manage the risks.
To protect the core IP value and sensitive data of a technology business like EA, the following steps need to be taken:
1 | Start by doing a proper and thorough inventory of intellectual property, including:
2 | Design and implement processes for ensuring that the confidentiality of each IP asset is properly protected appropriately during its entire lifecycle, including:
3 | Ensure that all staff are appropriately trained on how to protect those assets in their jobs, including:
It’s an unfortunate reality that cybersecurity attacks are an ongoing and very real risk for businesses. To maximize company value and protect your intangible assets, you need to have a broad, strategic IP protection program (one that acknowledges and mitigates the risks of both intentional and unintentional IP loss).
About Stratford Intellectual Property: Our team of IP strategy experts includes certified patent agents and strategic advisors experienced in every aspect of the IP lifecycle, giving you access to a unique blend of IP and business expertise. We lean in to foster a culture of innovation in your organization and optimize your IP portfolio to reduce risk and increase ROI.
If you have questions about your organization’s IP strategy or want to learn about training options for IP protection, please contact Stratford Intellectual Property.
About Click Armor: Click Armor helps business managers battling cyber and compliance risks by using gamified simulations and challenges to engage end-users to avoid breaches and build a strong security culture.
Click Armor also offers a gamified course in “IP Protection Awareness” that is applicable for all staff, to minimize the likelihood of accidental breaches such as the one that occurred with EA. For more information about this course, please contact Click Armor.