October 29, 2002, 4:06 PM — Swedish information technology company Intentia International AB has filed a criminal complaint against Reuters Ltd. alleging that the U.K.-based news agency illegally obtained Intentia's third quarter financial results by hacking the company's corporate Web server. Reuters has denied the charge, according to a published report.
Following an internal investigation of the alleged intrusion, Intentia says that it has proof of unauthorized entry to their corporate Web server from an Internet Protocol (IP) address belonging to a Reuters company, according to Thomas Ahlerup, head of corporate and investor relations at the Stockholm, Sweden-based enterprise application provider.
A Reuters spokeswoman acknowledged that a journalist in the company's Stockholm bureau had obtained a copy of the report from Intentia's Web site, but denied that the company had violated the law.
"We are rejecting (Intentia's) allegations completely. Information was accessed from company's Web site and in the public domain. It wasn't a private site. It wasn't password protected. (The report) was on their public Internet site; it was published, and therefore we reported it," said company spokeswoman Susan Allsop.
According to a statement published on Intentia's Web site, an intrusion from the IP address belonging to Reuters was recorded at 12:51 p.m. Stockholm time on October 24, 2002. At 12:57 p.m., Reuters published a news flash containing information on Intentia's third quarter results, an hour ahead of the scheduled earnings release time of 2:00 p.m. Stockholm time.
In response to the report, Intentia moved its own announcement up to 1:22 p.m. on that day.
Ahlerup would not comment on the means that Reuters may have used to acquire the information, saying only that the report was on a private area of Intentia's Web server, that there was no link to the report on Intentia's Web site, and that the report had not been disclosed to the public.
"We can not rule out the fact that (Reuters) accessed the private part of our Web server in the way that they did," Ahlerup said.
"We're not accusing Reuters, but we cannot rule out that someone used an IP address belonging to Reuters to access our site and that Reuters published an alert (on Intentia's earnings) six minutes after that."
Allsop confirmed that no link to the report was provided on the Intentia Web site. Citing the legal actions taken against the company, however, she refused to say how the file was located on the site.
"The journalist located it on their site, but not using any illegal means. The journalist didn't hack into their system. The report was on their site in an area where you would expect it to be. Anybody looking for it at that site would have found it," Allsop said.
Allsop refused to identify the reporter who obtained the earnings report.
The issue may come down to a dispute over what constitutes "private" content on a Web server that is accessible to the public. If the earnings report was posted ahead of time in a location that was accessible to the public and where previous quarterly earnings statements had been posted, a knowledgeable Web user could derive the URL (uniform resource locator) of the file and download it, even if no visible link to the file was provided on Intentia's Web site.
For example, if a company's second quarter earnings report used the URL www.company.com/financial/q2.pdf, it would be a simple matter to guess that the third quarter report could be found at www.company.com/financial/q3.pdf.
Ahlerup declined to comment on such a scenario, and would not say whether the file was password protected, or whether it was in an area that would have required a password to access.
When asked to provide Intentia's definition of "private" content, Ahlerup said that the company is publicly listed on the Stockholm stock exchange and adheres to Swedish laws regarding the definition of what is "publicly released" material. According to those rules, Ahlerup said, Intentia's earnings reports had not been made publicly available.
According to Ahlerup, Intentia contacted Reuters when they became aware of the alleged intrusion, but that Reuters ignored the company's allegations.
Intentia is just the latest in a string of Scandinavian companies that have had their earnings reports scooped by Reuters prior to their public release.
On October 22, 2002, Reuters published information on banking group Nordea AB's third quarter performance prior to the official release of those numbers, and Allsop acknowledges that there may be other instances of the company snatching earnings reports both inside and outside of Scandinavia using the same technique.
Such a practice does not run afoul of Reuters editorial guidelines, according to Allsop.
