Solution provider Denali Advanced Integration denies allegations made in a lawsuit last week that its CTO illegally hacked the private network of one of its customers, apparel heavyweight Columbia Sportswear, to benefit Denali financially.
"We absolutely dispute the claim that Denali was involved in any wrongdoing," said Majdi Daher, CEO of Redmond, Wash.-based Denali, Friday in emailed responses to questions from CRN... "We are working diligently – on our own and in cooperation with investigating authorities – to surface the facts, and we fully believe that they will underscore Denali's integrity."
Denali is conducting an investigation into the allegations with the help of a third-party cybersecurity firm and legal counsel.
In a 19-page lawsuit filed with the U.S. District Court in Portland, Columbia accuses Denali CTO Michael Leeper of using dummy email accounts on more than 700 occasions to illegally view internal communications concerning deals in which Denali had a financial interest, emails between Columbia and Denali's competitors, and confidential documents related to Columbia's long-range IT budget plans.
Denali has placed Leeper – a former Columbia employee – on paid leave and engaged investigators for the second time in its efforts to get to the bottom of the allegations, Daher said. Denali, No. 92 on the CRN Solution Provider 500, first placed Leeper on leave and began an internal investigation last fall after it first became aware of the allegations.
Leeper was reinstated a month later after the original internal investigation offered no indications of wrongdoing, Daher said.
"We have no information that validates these claims [by Columbia], despite a comprehensive study that includes deep investigation into Denali technology systems and in-depth interviews with all Denali parties who have had any contact with Columbia Sportwear," Daher said in the email to CRN, adding that he was "dumbfounded" by Columbia's claims.
Daher said authorities first contacted Denali on Oct. 21, 2016, to demand records of Leeper's interactions with Columbia, but didn't provide detailed information about the allegations. In response, Denali immediately placed Leeper on leave and hired the third-party data incident investigation and response firm to conduct a forensic investigation, Daher said.
Before joining Denali in March 2014, Leeper spent 14 years in Columbia's IT department, rising to the role of senior director of technology infrastructure. As a result, Columbia said Leeper had nearly unlimited access to the company's private computer network, including thousands of secure email accounts used by Columbia employees around the world.
One day before Leeper left Portland, Ore.-based Columbia, the company alleges he created a separate, unauthorized account under a false name so that he could continue accessing Columbia's private computer network. Leeper was one of very few Columbia employees authorized to both create new accounts and give existing accounts permission to access otherwise forbidden parts of the network, according to the lawsuit.