Developing: Mossack Fonseca IT worker arrested

An employee in the IT department of Mossack Fonseca, recently the subject of a massive leak, has been arrested in Geneva sparking suspicion that this may have been 'the inside man'

The 'Panama Papers' leak stands as the largest leak to journalists in history (credit: Guardian)
The 'Panama Papers' leak stands as the largest leak to journalists in history (credit: Guardian)

An IT worker from the Geneva offices of Panamanian law firm Mossack Fonseca has been arrested on charges of data theft and breach of trust.

Whether this arrest had anything to do with Mossack Fonseca's recent tribulations is widely suspected but not yet known.

Mossack Fonseca was recently the subject of an international fiasco when 11 million of its internal documents were leaked to German newspaper Süddeutsche Zeitung.

The documents detail the efforts of the international elite including billionaires, captains of industry, and political leaders - democratic and despotic alike, to avoid their own tax regimes.

The ensuing scandal resulted in the resignation of the Icelandic prime minister and the public embarrassment of an array of international figures. Furthermore the leaks, following on from a series of such leaks from HSBC and Switzerland, reignited a public furore over international tax avoidance.  

It is not yet known if the worker in question is the same one that responsible for what is known as the largest leak to journalists in history. Bastian Obermayer, of Suddeutsch Zeitung, the paper which was initially approached, tweeted that the suspect in question is not the Mossack Fonseca leaker.

However, the IT worker was arrested on charges similar to the leaker. Speaking to Le Temps newspaper, Thierry Ulmann an employee of Mossack Fonseca said that the employee took information via his computer and had full access privileges, adding, “It's on this basis that have have filed a complaint for data theft and breach of the law firm's trust.”

Brian Chappell, Technical Services Director, EMEA at Beyond Trust told SCMagazineUK.com that “It's surprising that after 2 months the Police have confidently identified the system used to access the data to the degree they have arrested the system's user however is that person John Doe or simply an unwitting participant? Süddeutsche Zeitung believe it's not which is telling.”

Either way, added Chappell, this case “highlights the importance of understanding that IT Security is everyone's responsibility within an organization, leaving your system unlocked while you head off for lunch could land you in the same situation with an uphill struggle to prove you aren't the source of the leak.”

“How anyone managed to download the files and take them out of a company like Mossack Fonseca on a USB device is still bewildering to me” Norman Shaw, CEO of ExactTrak told SC.

“There are so many advanced detection techniques on the market now that would have immediately red-flagged this behaviour, it makes no sense that they got away with it and even less sense that the company doesn't know who did it. Again, technologies exist that provide audit trails to show exactly what happened to those files, when, and by whom.”

In other news, Mossack Fonseca has begun shutting down its regional offices. In May, the law firm closed down offices in Jersey, the Isle of Man and Gibraltar. More recently, it has shut down two US offices in Nevada and Wyoming. 

Sign up to our newsletters