A federal judge has ruled that a former managing director of Brevet Capital Management — an asset firm that oversees billions of investment dollars — can move forward with a proposed lawsuit alleging that the company hacked into his personal accounts.
U.S. District Judge William H. Pauley on Tuesday denied a request from Brevet Capital to reconsider a previous court decision not to dismiss the case. In May, another judge ruled that Paul Iacovacci could move forward with claims that Brevet had violated the Computer Fraud and Abuse Act and other laws by accessing accounts and hard drives to read his personal email and extract data from his personal hard drives. Brevet previously has acknowledged accessing the data but denies any wrongdoing.
The case, first filed in September, highlights uncomfortable questions about what information employers can access about their employees, and how they obtain that access. The issue is an especially pressing security question, as more Americans conduct official business from their own devices and communicate with friends or family from corporate machines.
The trouble began when Iacovacci informed Brevet in January 2016 about his decision to retire from the Manhattan hedge fund specializing in private debt investments. A months-long dispute about his due compensation followed, resulting in Brevet firing Iacovacci in October of that year. He filed a lawsuit days later, alleging wrongful termination and saying Brevet owed him tens of millions of dollars.
That’s when Iacovacci says he discovered that Brevet had quietly installed software on his computer that made it possible to copy and exfiltrate data from his email account and personal hard drives that were attached to the machine. Brevet had purchased Iacovacci a personal desktop the year before, a computer he says he used in his home to work remotely and for personal use.
The company filed a countersuit to Iacovacci’s wrongful termination complaint that contained information Iacovacci said only could have been taken from his personal inbox. He has claimed Brevet staffers successfully guessed his password to the LogMeIn telecommunicating software by trying different versions of his children’s names and birth dates. Brevet denies this, saying the company knew his passwords because he previously shared them with IT staffers, and that they were authorized to view data on the corporate-owned computer.
Judge Pauley, of the Southern District of New York, ruled against a Brevet argument that the case should be tossed, directing both parties to submit a proposed pretrial schedule by July 30. (The ruling is available in full below.)
It’s only the latest allegation against a financial institution accused of improperly using security measures against current or former employees. Executives at Barclays Bank were embroiled in a years-long scandal that began when CEO Jes Staley directed the firm’s former head of information security to identify an anonymous whistleblower who had raised questions about the behavior of another executive.