A document leak is the unauthorized release of confidential or sensitive information, typically to people outside of an organization. Examples include internal emails forwarded externally, board-level discussions made public or project documents shared on social media. Sometimes this is deliberate — but often it isn’t. An enthusiastic employee may post product material online without realizing that this might compromise a patent application, for example. Or a misconfigured email system may accidentally send sensitive attachments to the wrong people.
The Pentagon is currently grappling with a leak of what appear to be photographs of documents showing its assessment of the Ukrainian military's preparedness for war, including shortfalls in weapons supplies. The US has urged caution in promoting or amplifying the material, not least because some of it seems to have been doctored to minimise Russian losses and exaggerate Ukrainian gains.
One of the most significant examples of a document leak was the WikiLeaks publication of 251,287 US diplomatic cables beginning in November 2010. Other examples include Daniel Ellsberg's 1971 leak of the Pentagon Papers, a top-secret Department of Defense study of the Vietnam War, to the press, and Edward Snowden's 2013 disclosures revealing the UK's Tempora and the American PRISM surveillance programmes, run by GCHQ and the NSA respectively.
Investigations into document leaks typically follow a structured and rigorous approach to establish how, when and by whom the information left controlled custody. This includes examining access logs and server activity, assessing the sensitivity of the data involved, reviewing document metadata (authorship, edit history, timestamps) and conducting forensic analysis of the relevant systems. A key part of this process is chain-of-custody mapping, a technique we employ to track the flow of a document through internal systems (such as shared drives or email) and between people, and to identify where it was accessed by unauthorized people or shared through uncontrolled channels, such as messaging apps and personal devices. This mapping of the document's path is distinct from the evidentiary chain of custody that must be kept for the logs and devices collected during the investigation; both need to be preserved, and relevant logs should be secured before they age out of retention.
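As an added illustration (not the page's own tooling), the following Python script shows what chain-of-custody mapping looks like when carried out over access logs. It takes constructed file-share, email and chat events in a hypothetical JSON-lines export format, reconstructs the chronological path of one document through the organisation, and flags reads by users outside an assumed authorised list, email transfers to addresses outside an assumed internal domain, and uploads to channels the organisation does not control. The log format, the domain, the user list, the channel list and every event value are assumptions made for the example.

```python
"""Chain-of-custody mapping of one document over access logs (added example)."""
import json
from datetime import datetime

# Constructed sample events in a hypothetical JSON-lines export format, the sort
# of thing a SIEM or log aggregator might produce. These are not real logs.
SAMPLE_LOG = """\
{"ts": "2023-04-03T09:12:04Z", "source": "fileshare", "action": "read", "actor": "alice@corp.example", "object": "doc-4471", "path": "/finance/board/Q2-forecast.docx"}
{"ts": "2023-04-03T09:40:51Z", "source": "fileshare", "action": "read", "actor": "bob@corp.example", "object": "doc-4471", "path": "/finance/board/Q2-forecast.docx"}
{"ts": "2023-04-03T10:05:17Z", "source": "email", "action": "send", "actor": "bob@corp.example", "object": "doc-4471", "recipients": ["carol@corp.example"]}
{"ts": "2023-04-03T11:30:00Z", "source": "fileshare", "action": "read", "actor": "dave@corp.example", "object": "doc-4471", "path": "/finance/board/Q2-forecast.docx"}
{"ts": "2023-04-03T12:02:43Z", "source": "email", "action": "send", "actor": "carol@corp.example", "object": "doc-4471", "recipients": ["carol.personal@gmail.example"]}
{"ts": "2023-04-03T13:15:09Z", "source": "fileshare", "action": "read", "actor": "alice@corp.example", "object": "doc-9999", "path": "/hr/handbook.pdf"}
{"ts": "2023-04-04T08:44:12Z", "source": "chat", "action": "upload", "actor": "dave@corp.example", "object": "doc-4471", "channel": "personal-whatsapp"}
"""

INTERNAL_DOMAIN = "corp.example"  # assumed corporate mail domain
# Assumed access-control list: the people who were meant to have the document.
AUTHORIZED = {"alice@corp.example", "bob@corp.example", "carol@corp.example"}
# Assumed list of channels the organisation does not control or log.
UNCONTROLLED_CHANNELS = {"personal-whatsapp", "personal-signal", "usb"}


def parse_events(text):
    """Parse JSON-lines text into event dicts, ordered by timestamp so the
    custody chain reads chronologically even if the export was not sorted."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    events.sort(key=lambda e: datetime.fromisoformat(e["ts"].replace("Z", "+00:00")))
    return events


def is_internal(address):
    """True if the address belongs to the organisation's own mail domain."""
    return address.lower().endswith("@" + INTERNAL_DOMAIN)


def chain_of_custody(events, doc_id):
    """Reconstruct who held doc_id, in what order, and where control was lost.

    Returns (custody, findings, holders):
      custody  - ordered list of (timestamp, holder, how_obtained)
      findings - descriptions of unauthorized access or uncontrolled sharing,
                 in chronological order
      holders  - every person or channel known to have received the document
    """
    custody, findings, holders = [], [], set()
    for e in events:
        if e.get("object") != doc_id:
            continue  # event concerns a different document
        ts, actor = e["ts"], e["actor"]
        if e["source"] == "fileshare" and e["action"] == "read":
            custody.append((ts, actor, f"fileshare:{e['path']}"))
            holders.add(actor)
            if actor not in AUTHORIZED:
                findings.append(f"{ts} unauthorized access by {actor} to {e['path']}")
        elif e["source"] == "email" and e["action"] == "send":
            for rcpt in e["recipients"]:
                custody.append((ts, rcpt, f"email from {actor}"))
                holders.add(rcpt)
                if not is_internal(rcpt):
                    findings.append(f"{ts} {actor} emailed document to external address {rcpt}")
                elif rcpt not in AUTHORIZED:
                    findings.append(f"{ts} {actor} emailed document to unauthorized internal user {rcpt}")
        elif e["source"] == "chat" and e["action"] == "upload":
            holder = f"channel:{e['channel']}"
            custody.append((ts, holder, f"upload by {actor}"))
            holders.add(holder)
            if e["channel"] in UNCONTROLLED_CHANNELS:
                findings.append(f"{ts} {actor} uploaded document to uncontrolled channel {e['channel']}")
    return custody, findings, holders


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    chain, issues, people = chain_of_custody(evts, "doc-4471")
    print("Custody chain for doc-4471:")
    for ts, holder, how in chain:
        print(f"  {ts}  {holder:<32} via {how}")
    print("Findings:")
    for line in issues:
        print("  " + line)
```

Run against the constructed log, the chain shows the document passing from the authorised readers to Carol by internal email, then being read by Dave (not on the list) and leaving controlled custody twice: once by Carol's forward to a personal address and once by Dave's upload to a personal messaging app. In a real investigation the event sources would be the share server's audit log, the mail gateway's message-tracking log and any endpoint telemetry, normalised into a common schema before this kind of correlation is attempted.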