Hackers based in China enjoyed widespread access to Nortel's computer network for nearly a decade, according to a report.
The hackers – who appeared to be based in China – had unfettered access to the former telecommunications giant as far back as 2000, according to Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports.
They "had access to everything", Shields told the Journal. "They had plenty of time. All they had to do was figure out what they wanted."
Over the years, the hackers downloaded business plans, research and development reports, employee emails and other documents.
According to the internal report, Nortel "did nothing from a security standpoint" about the attacks.
Corporate espionage is a growing problem for North American companies, with the majority of attacks coming from China.
China's embassy rejects cyberspying allegations
Last November, a group of U.S. analysts said there were as many as 12 different Chinese groups participating in cyberattacks on U.S. companies and government agencies.
China has rejected allegations of cyberspying, with its embassy in Canada saying "Cyber attacks are transnational and anonymous. It is irresponsible to prejudge the origin of attacks without thorough investigation and hard evidence."
The embassy added that China's government "strictly prohibits" hacking and "stands ready to step up international cooperation in this field."
The long-term attack on Nortel isn’t the only time a Canadian company has been targeted by hackers.
During BHP Billiton’s hostile takeover bid for Saskatchewan’s PotashCorp, hackers traced to China targeted Bay Street law firms and other companies to get insider information on the $38-billion corporate takeover.
Those same hackers also targeted Canadian government computers in fall 2010, targeting the Finance Department, the Treasury Board, and Defence Research and Development Canada, a civilian agency of the Department of National Defence.
Nortel attacks went unreported
Nortel, currently selling off assets as part of a 2009 bankruptcy filing, failed to disclose the attacks to potential buyers of its patents and business units, according to the Journal.
During the investigation, the telecom giant made no effort to determine if any of its products were compromised. Nortel, as a publicly traded company, would have been required by the U.S. Securities and Exchange Commission to disclose any "material" risks to investors.
According to Shields, Nortel discovered the hacking in 2004, and the company’s silence put acquiring companies at risk. Three former Nortel executives are currently on trial for allegedly tampering with quarterly results in order to trigger millions of dollars in bonus payments.