WEBINARSecure your AI agents in days, not weeks– Discover Polymer’s SecureRAG today!

Request a demo

Download our DLP for AI whitepaper

Polymer

Download free DLP for AI whitepaper

Deel vs. Rippling: A corporate espionage scandal unfolds

Mar 21, 2025
Breach Insider Threat SaaS DLP
DSPM DLP

Summary

  • Rippling accuses Deel of corporate espionage, claiming a spy stole sensitive data like customer lists & strategies.  
  • The lawsuit exposes insider threats as a major risk in competitive industries like HR tech.  
  • Insider threat is one of the larger threats to corporations due to it hitting hard and being difficult to spot.
  • Solutions like Polymer can help mitigate insider threat risk by monitoring SaaS apps & protecting sensitive data in real-time. 

In the high-stakes world of HR tech, where companies battle to dominate global workforce management, a scandal has erupted that’s straight out of a spy thriller. Rippling, a leading workforce management platform, has accused its rival Deel of orchestrating a corporate espionage plot. The allegations? A mole within Rippling’s ranks stole trade secrets, customer lists, and competitive strategies, handing Deel an unfair edge. This drama is unfolding in real-time on social media and in court, and it’s got the industry buzzing.  

But beyond the juicy headlines, this case is a wake-up call about insider risk—a threat that lurks within every organization. Let’s break down the Deel-Rippling saga, explore the role of insider threats, and show how solutions like Polymer can keep your business safe from similar espionage nightmares.

The Deel-Rippling saga: A spy among us  

Rippling and Deel are titans in the human capital management (HCM) space. Founded in 2016, Rippling boasts a $13.5 billion valuation, while Deel, launched in 2019, sits at $12 billion. Both platforms help businesses manage global teams—a critical need in the remote work era. Their rivalry was already fierce, but on March 17, 2025, Rippling dropped a bombshell: a lawsuit accusing Deel of planting a spy in its Dublin office.  

The complaint alleges that an employee, dubbed “D.S.,” accessed sensitive data, including:  

  • A “competitive intelligence card” detailing Rippling’s plan to poach Deel’s customers.  
  • A “churn risk list” of customers considering jumping ship from Rippling.  
  • Internal communications and employee contacts.  

Rippling claims this info was funneled to Deel, giving them a leg up in the HR tech race. To catch the spy, Rippling set a trap worthy of a tech thriller: a fake Slack channel called “d-defectors,” supposedly for ex-Deel staff to spill dirt. They mentioned it in a letter to three Deel execs—and hours later, the suspect searched for it, tipping his hand.  

The plot thickened when Rippling secured a court order to seize the employee’s phone. Presented with the order, he allegedly bolted to a bathroom to wipe evidence, saying, “I’m willing to take that risk,” before fleeing. Meanwhile, Deel denies everything, accusing Rippling of deflecting from its own legal woes tied to Russian sanctions.  

Twitter’s been ablaze with reactions. Here’s Rippling CEO Parker Conrad announcing the lawsuit:  

Insider risk: The enemy within  

This isn’t just corporate gossip, it’s a textbook case of insider risk. Insider threats come from employees, contractors, or partners with legitimate access to sensitive data who misuse it for personal gain or to aid a rival. In Rippling’s case, the alleged spy exploited his position to access game-changing info.  

Why are insider threats so dangerous?  

  • Trusted access: Insiders don’t need to hack in—they’re already inside the castle.  
  • Hard to spot: Their actions often look legit, flying under the radar of traditional security tools.  
  • Massive impact: One rogue actor can leak customer data, steal IP, or tank your competitive edge.  

In HR tech, where customer loyalty and innovation are everything, insider risk isn’t just a headache—it’s an existential threat. The Deel-Rippling case proves no company is immune.

How Polymer stops insider threats in their tracks  

So, how do you protect your business from a spy in your ranks? Enter Polymer, a DLP solution for mitigating insider threat risk. Polymer doesn’t just react to breaches; it prevents them by keeping tabs on your data 24/7. Here’s how it could’ve helped Rippling – and how it can help you:  

Real-time monitoring  

Polymer’s machine learning tracks user behavior across SaaS platforms. The lawsuit claims the spy searched “Deel” 23 times a day in Slack. Polymer would’ve flagged that as suspicious, alerting security teams before data walked out the door.  

Access control  

With Polymer, you can enforce least privilege, limiting who sees what based on their role. Had Rippling locked down that “competitive intelligence card” to a need-to-know basis, the spy’s reach would’ve been stunted.  

Instant threat blocking

If an insider tries to exfiltrate data – say, emailing a customer list to a rival – Polymer can block it in real-time and notify your team. No bathroom sprints required.  

Compliance made easy  

Handling PII or PHI? Polymer ensures compliance with HIPAA, PCI, GDPR, and CCPA by auto-protecting sensitive data and logging everything for audits. The Deel-Rippling saga shows that insider risk isn’t hypothetical–it’s happening now. Polymer gives you the tools to stay ahead of it.

Key takeaways from the scandal  

As this legal battle unfolds, here’s what every business can learn:  

  • Insider threats hit hard: With billions in valuation on the line, one bad actor can do serious damage.  
  • Monitoring is non-negotiable: Catching odd behavior early – like obsessive competitor searches – can stop breaches cold.  
  • Lock it down: Role-based access limits exposure. Less access, less risk.  
  • Be proactive: Investing in DLP beats cleaning up after a spy.  

The HR tech world is glued to this drama, but the real story is the vulnerability it exposes. Insider risk isn’t going away–it’s time to fight back.

Secure your business with Polymer  

The Deel-Rippling espionage case is a stark reminder: insider threats can strike anyone, anywhere. Polymer’s SaaS DLP keeps your sensitive data safe, your compliance on lock, and your competitors at bay. Don’t wait for your own corporate spy novel, act now.  

– 
Polymer data loss prevention (DLP) for SaaS automatically protects your company’s sensitive data like PHI and PII. Polymer is the fast, easy way to reduce the risk of data exposure and stay HIPAA, PCI, GDPR, and CCPA compliant. Improve your cloud security today–try Polymer for free.

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.

SHARE

Get Polymer blog posts delivered to your inbox.