Endpoint Security Insider Threats Data Visibility & Protection Education Enterprise Government

Absolute Investigations September Roundup: Device Recovery Success Stories

September 23, 2021


September is National Insider Threat Awareness Month. The goal of this third-annual, month-long designation is to bring greater awareness to insider threats and to help organizations and their employees mitigate potentially damaging issues early on.

An insider threat arises when anyone with authorized access uses that access, willingly or unwittingly, to harm an organization or its resources. While this includes scenarios such as employees unknowingly clicking on phishing emails, it also includes the theft of corporately owned devices for personal use outside of work or for resale and profit.

The Absolute Investigations Team has many years of experience helping Absolute customers find and recover stolen devices. They rely on their law enforcement expertise and on the power of Absolute’s firmware-embedded endpoint defense platform, which provides an undeletable digital tether to every endpoint, no matter where it is, and the ability to lock, freeze, or wipe the device if it falls into the wrong hands.

Here are a few of the investigators’ most recent highlights:

Theft by School Employees

A school district in California had 14 laptops stolen over a period of several months. Eight of the devices have been recovered so far with the help of Absolute investigators and the multiple law enforcement agencies that serve the large school district’s boundaries. The latest recovery came this summer, when a man in Arkansas contacted Absolute after he unknowingly purchased one of the stolen devices on an ecommerce platform and, upon starting it up, saw the undeletable device freeze message from Absolute. After coordination between the purchaser, the online platform, the school district and law enforcement, the purchaser received his money back and the laptop was returned to the school. Local authorities have charged a school IT team member and a security guard who together were stealing the school-owned devices and selling them for profit.

Theft by City Employee

City officials for a Canadian public sector customer reported to Absolute that one of their laptops had been stolen. When they looked for more details, Absolute investigators discovered that the device was still being used by the originally assigned employee. She had initially reported that the laptop had been returned to procurement as a condition of going on maternity leave, but Absolute forensic tools showed that she was still using the device. Investigators informed the city officials and local law enforcement, and the organization decided to use its human resources team to try to get the device back rather than involving the police. They subsequently discovered that the same employee was suspected of having two city-owned laptops, and after initially denying having either device, the employee eventually returned both. The Absolute customer was grateful for the consult prior to taking legal action, and for Absolute’s assistance in ensuring their devices were returned.

Theft by Courier

A children’s hospital in Arkansas procured a new laptop online from Dell but did not receive the shipment. They reported the missing device to local authorities as well as to the Absolute investigators. Because Absolute’s undeletable digital tether is embedded within the firmware of Dell machines and because this hospital is an Absolute customer, investigators were able to use Absolute forensic tools to find user status. This revealed an email address for the laptop’s new user, but that was insufficient to determine who the new owner was. Their next step was to work with the FedEx security team, where they discovered that the email address was associated with a FedEx sub-contractor driver. Investigators prepared a summary of the findings for local law enforcement and, along with FedEx employee records, included the suspect’s address. Police were able to retrieve the laptop from the suspect, and he has since been terminated. Detectives are preparing charges against him.




For more than 15 years, Absolute Investigations has helped organizations recover their stolen devices. Made up of former law enforcement professionals and other experts, Absolute Investigations uses forensic tools and techniques to locate devices at large and, once they are found, connects with local law enforcement to orchestrate their safe return.

