Nicholas Tides and Matthew Neumann had a beef with Boeing. As internal auditors in the aircraft manufacturer’s IT Sarbanes-Oxley audit group, their job was to test Boeing’s IT controls as part of a Sarbanes-Oxley Act (SOX) requirement that companies annually assess their internal security and financial reporting processes. In February 2007, Tides and Neumann alerted management that the company’s system had weaknesses that could allow unauthorized users to alter data, including the audit results, thus violating SOX. The two auditors also complained of a hostile work environment in which they felt pressured to report positive audit results.
Feeling that management was ignoring their grievances, Tides and Neumann shared their concerns about Boeing with a reporter, to whom they sent several e-mails and copies of internal documents from their work computers. In July 2007, the newspaper published an article about Boeing’s alleged security faults.
Experts say a solid media communications policy and crisis plan are the best defenses against damaging leaks.