Inside the shadow war of corporate espionage: Stolen secrets, rivalries and lawsuits
Published in Business News
A top research executive for leading drugmaker Lupin Inc. resigned in August 2021, citing a move from the U.S. to China to care for his aging parents — but on his final day, he accessed his laptop at 6:33 p.m., copied 128 company files and walked out the door.
Those files are at the heart of a lawsuit Lupin filed in 2023 against Xian-Ming Zeng and the competitor he went on to found, Transpire. Lupin, an Indian company with U.S. pharmaceutical sales and marketing headquarters in Baltimore, accused its former employee of misappropriation of trade secrets in a case that’s headed to trial in federal court in Florida.
Sunrise, Florida-based Transpire fired back in August, accusing Lupin in a separate lawsuit of stealing trade secrets, likewise related to generic inhalers for asthma and other chronic diseases.
The startup, founded in 2022, hired one of Lupin’s scientists who collected confidential secrets concerning a generic drug under development before quitting for health reasons, then rejoining Lupin, the lawsuit said.
Attorneys for Transpire and Lupin declined to comment.
The legal tug of war has emerged at a time of renewed focus on corporate espionage, which cybersecurity analysts view as the taking of trade secrets, intellectual property or proprietary information without consent for commercial or financial gain. That includes economic espionage waged by governments, one of the Trump administration’s grievances leading to the now-paused U.S. tariffs against China.
In an age of electronic data, remote work and artificial intelligence, cases of spying between organizations such as Lupin and Transpire are becoming more common and trickier to navigate.
“Espionage is bigger than ever because there’s more sophisticated information,” said JD Harriman, a partner in Burbank, California-based Foundation Law Group, who appeared as an expert witness in a 2021 Coca-Cola espionage case. “There’s more interest in acquiring that information, as you can imagine, with new technologies.”
Threats from China have accelerated. More than 60 cases of espionage by the Chinese Communist Party have been documented in 20 states in the past four years, including theft of trade secrets and transmission of sensitive military information, according to a February update released by the House Committee on Homeland Security. It showed a China connection in around 60% of all trade secret theft cases and said Chinese theft of American intellectual property costs the average family of four as much as $6,000 after taxes.
Difficult to detect
While information in the pre-electronic age may have been as uncomplicated as some customer lists, today’s most wanted secrets often involve software and proprietary programs detailing thousands of hours of research, “and you’ve got the end result without doing any work,” Harriman said.
Electronic theft is sometimes nearly undetectable, making it difficult to prove, said Anupam Joshi, director of UMBC’s Center for Cybersecurity, which conducts university cybersecurity research, education and outreach.
“Almost everything, from lab notebooks to observations or designs, everything is on a computer now, and so now, if I can infiltrate electronically, I could be anywhere in the world,” he said. “You may not even know that someone stole information.”
Plaintiffs have been able to file trade secret cases in federal court, in addition to state court, since 2016 under the Defend Trade Secrets Act, which allows for remedies such as damages and injunctive relief. The Maryland Uniform Trade Secrets Act defines trade secrets as formulas, patterns, programs, devices, methods, techniques or processes with economic value.
“Any bit of information that is proprietary to your organization is at risk of being a target for corporate espionage,” Thomas Richards, infrastructure testing lead for UltraViolet, a cybersecurity services company based in McLean, Virginia, said in an email. “Primarily, client lists, source code, design schematics, and future business plans are in the most demand.”
Attorneys who handle corporate espionage said cases are on the rise in part because non-compete clauses have fallen out of favor and companies may turn to trade secret litigation instead.
The Coca-Cola can lining case
In the Coca-Cola case, the beverage giant accused a soon-to-be-laid-off chemist and plastic coatings expert, Shannon You, of photographing open files on her computer monitor with her phone and of uploading encrypted files onto a personal Google Drive account, according to a 2023 Bloomberg story. You was one of only two people with access to detailed chemical recipes for the plastic liners that keep the beverage from eating away at the can, according to the U.S. Attorney’s Office in Tennessee.
Before she left in 2017 as part of a mass layoff, You had been traveling to China for meetings about starting her own coatings company and received millions of dollars in Chinese government grants to support the new company, the U.S. Attorney’s office said.
Harriman appeared during a court trial as an expert witness for You’s defense.
“She did a lot of things wrong,” Harriman said. “She felt she was so smart that she could talk to the FBI without an attorney… and she did not do well.”
But he maintains “there’s no evidence that any of the data had left her laptop,” and “they couldn’t show that she gave away exclusive design.”
In fact, he said, during the trial he listed all the “so-called” secret ingredients, and showed how Coca-Cola had filed for a patent, with You as inventor, with a list of all ingredients except one. But another company ended up disclosing that final ingredient, he said.
“Nothing was really secret,” he said.
He encourages his clients to craft non-disclosure agreements without expiration dates.
Agreements at Coca-Cola did not include such perpetual clauses, he said, but You “still was found guilty” and was sentenced in 2022 to 14 years in prison for conspiracy to commit trade secret theft and economic espionage, possession of stolen trade secrets and economic espionage.
Does job experience belong to employees or employers?
It’s not always made clear to employees which skills and information learned on a job can be used in subsequent jobs, Harriman said.
“For the most part, things that are in your head are okay to take with you to your next job, your general knowledge, but… specifically memorizing things to take with you to your next job is not permitted,” he said.
That was the crux of a misappropriation of trade secrets case filed in Baltimore federal court in 2019 by Brightview Group, which owns and operates more than 45 senior living communities in Maryland and seven other states. Brightview accused two of its former employees who worked in new community development of stealing market analysis information. They took pricing lists, reports measuring leasing activity and “heat maps” showing where residents used to live, the lawsuit claims.
It claims the employees began collaborating with a new senior living venture, New York-based Monarch, also named in the lawsuit, before they left Brightview to join the competitor. They shared thousands of data points and other information, it said.
The benchmarks Brightview had established were its own, developed through years of experience, one Brightview executive testified. Forensic analysis showed thousands of Brightview documents on the former workers’ personal storage devices when they left. A judge granted Brightview’s request for an injunction in February 2020. The two employees are no longer with the company.
Brightview representatives did not respond to a request for comment. Monarch declined to comment.
Protecting trade secrets
Adam Brown, a cyber managing consultant for UltraViolet in McLean, said it’s important for organizations to have strict policies and guidelines on where intellectual property and trade secrets can reside and who has access to them.
With the advent of artificial intelligence, the need for controls will only intensify, he said. As AI models learn through the data they are fed, employees running code or intellectual property through AI may unwittingly train that model in a way that could benefit outside parties, Brown said.
Richards, of UltraViolet, added that strong detection and response cybersecurity programs are crucial.
“Assuming you are safe is the biggest mistake,” Richards said. “Every organization is a target and has something of value to competitors.”
©2025 The Baltimore Sun. Visit at baltimoresun.com. Distributed by Tribune Content Agency, LLC.