Believe’s TuneCore is suing CD Baby over allegedly stolen trade secrets, and as part of the heretofore little-discussed lawsuit, a federal judge has “temporarily enjoined” the defendant company “from knowingly disseminating and/or using any of TuneCore’s confidential information.”
Two of the music industry’s biggest distributors are going to war — and hardly anybody knew about it.
TuneCore submitted the underlying action to a New York federal court in late November, naming as defendants CD Baby as well as recently-recruited employee (and alleged operative) Faryal Khan-Thompson. The under-the-radar lawsuit hasn’t received any coverage previously, though legal paperwork on the case was recently shared with Digital Music News.
So what’s going on?
According to her LinkedIn profile, Khan-Thompson served as TuneCore’s VP of international between October of 2020 and April of 2023 before signing on as CD Baby’s SVP of marketing and community engagement from June of 2023 through February of this year.
And per the relatively straightforward November lawsuit, “after being terminated from” her role at TuneCore and beginning with CD Baby, Khan-Thompson allegedly “repeatedly hacked into TuneCore’s secured cloud server to access and download confidential documents and information.”
(The split from TuneCore, initiated by the distributor in December of 2022, was expedited after the company “discovered certain outside business activities by Khan-Thompson that constituted a material breach of TuneCore policies,” according to the November of 2023 complaint and a December of 2023 amended action.)
As described by the legal text, the stage was set for the alleged improper access to confidential information “during the waning days” of Khan-Thompson’s employment at TuneCore, when she, “knowing that her termination was imminent,” allegedly created “a second set of credentials” using a personal email address.
Of course, this alleged “backdoor entrance” afforded the HitLab advisory board member “unauthorized access [to] TuneCore’s confidential documents after her employment ended” and her main credentials had been disabled, according to the plaintiff.
Seemingly throwing caution to the wind, Khan-Thompson allegedly used the personal-email credentials to access “TuneCore’s secured cloud network” between May and October of last year, viewing and/or downloading north of 50 “confidential and proprietary documents in at least 103 separate instances,” the Believe subsidiary maintained in the original suit.
During said instances, the former exec allegedly accessed a PowerPoint entitled “‘2023-2024 Product Strategy Road Map,’” an Excel spreadsheet “containing multiple tabs for 11 different countries and global regions listing the most promising TuneCore clients,” and a whole lot of additional information that would best be left out of the hands of competitors, per TuneCore.
Lastly, in terms of the core case’s pertinent details, TuneCore says Khan-Thompson’s actions constitute a violation of a pre-employment “proprietary information agreement,” its employee handbook, and the terms of her separation agreement. Both she and CD Baby are alleged to have violated the Defend Trade Secrets Act as well as the Computer Fraud and Abuse Act, besides having allegedly misappropriated trade secrets under common law.
CD Baby itself has been slapped with allegations of unfair competition and tortious interference with contract, and on the preliminary injunction front, TuneCore out of the gate pushed for, among many other things, an order barring both defendants from accessing its network or using any of its confidential information.
Now, as mentioned at the outset, and following some back and forth between the litigants, Judge Ann Donnelly has barred CD Baby until May 1st “from knowingly disseminating and/or using any of TuneCore’s confidential information.”
Additionally, the judge has handed down a comparatively far-reaching order, also running through May’s start, involving Khan-Thompson. Now, the exec is expressly prohibited from accessing TuneCore’s network or accounts and disseminating any of the business’s confidential information.
Furthermore, Khan-Thompson cannot access, alter, or delete Google Workspace user-account information (somewhat astonishingly, the relevant email is “aryal.khan.thompson@gmail.com”) or contact any individual listed on the aforementioned Excel spreadsheet, the order shows. Meanwhile, “a forensic examination of electronic accounts and devices” has already kicked off.
Finally, regarding the ugly confrontation’s details, the judge has ordered CD Baby and TuneCore to continue working towards the resolution of unresolved hang-ups including the latter’s push for relief, “an accounting” of any confidential TuneCore information on CD Baby’s network, a “forensic examination” of this network, and “the return or forensic removal of any confidential information” turned up by said examination.
