Scott Dolan reports:
The parent company of the popular Planet Fitness gym chain Monday fired a Maine man who worked as its payroll manager, accusing him of stealing “highly sensitive personal and financial information” about its employees.
Planet Fitness, based in Newington, New Hampshire, made the accusations public in a lawsuit filed against the fired employee, Jason Cole of Lebanon, in U.S. District Court in Portland, seeking to stop him from doing anything malicious with the information.
[…]
The lawsuit accuses Cole of threatening to use insider company information that he received inadvertently to interfere with the company’s IPO and charges him with three counts – breach of contract, converting the company’s personal and financial payroll information for his personal use, and of computer fraud.
Read more on Portland Press Herald.
I’ve uploaded the complaint here because it was not clear to me whether the employer had any hard evidence that Cole had actually misused access to the protected computer(s). From reading the complaint, it sounds like they may have some evidence that he improperly shared confidential information with another employee with whom he allegedly has a romantic relationship and/or resides with, but I don’t see any statement in the complaint that the employer checked access logs to the ADP payroll system and found any evidence that Cole had misused his access to download personnel information. It appears that they were just afraid that he might do that once they terminated him. Why they didn’t just lock him out of the payroll system by changing the password is not explained. The complaint states, in relevant part:
Based on Cole’s admissions and conduct at the July 30 meeting, there was immediate concern that Cole had downloaded other confidential information to which he had access, such as ADP records, to his personal computer. These reports could contain personally identifiable information about approximately 900 Planet Fitness employees, including the executive team.
Okay, so they were concerned. Then what did the logs show? They checked them, right? And why not immediately terminate his access to the system?
There’s a lot in this complaint that doesn’t make sense to me. Maybe it will make sense to you. I do understand, though, why they are seeking court approval to obtain their former employees’ personal computers to determine if any proprietary information is on them.
Update: In November, they dropped the lawsuit and paid him some money.