Every single access is logged on such systems, regardless what kind of file hosting you use.
An employee suddenly accessing tons of files, potentially in indexing order (meaning they’re either clicking through every link, every folder, every file, or are using an automated tool that does exactly the same), now that’s suspicious.
Combine that with logs from their terminal, which would usually contain things like downloads, file operations, as well as external storage connection/disconnection events, and you can basically get a near perfect map of what they stole and how.
They knew what they stored it on, so presumably they did it in a company computer, and that computer had logging software that the company got access to (whether it automatically sends it to them or just stores it locally until needed).
Every single access is logged on such systems, regardless what kind of file hosting you use.
An employee suddenly accessing tons of files, potentially in indexing order (meaning they’re either clicking through every link, every folder, every file, or are using an automated tool that does exactly the same), now that’s suspicious.
Combine that with logs from their terminal, which would usually contain things like downloads, file operations, as well as external storage connection/disconnection events, and you can basically get a near perfect map of what they stole and how.
They knew what they stored it on, so presumably they did it in a company computer, and that computer had logging software that the company got access to (whether it automatically sends it to them or just stores it locally until needed).