A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently, unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times, and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos?
A. The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website.
B. One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department’s servers.
C. The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos.
D. Pre-release marketing materials for a single device were accidentally left in a public location.