Beth McDaniel

Employee Double Dipping and Insider Fraud: The Hidden Cost of Time Theft

This past July, federal prosecutors arrested Evester Edd, a former senior human resources official with the Peace Corps. The charges paint a picture of brazen fraud: Edd allegedly worked simultaneously as both a federal employee and federal contractor, submitting fake timecards to both employers and billing for the same hours twice, pocketing tens of thousands of dollars in the process.

But the billing scheme was just the beginning.

Investigators say Edd also:

  • Falsified security clearance documents
  • Lied to federal agents about his electronic accounts and overseas contacts
  • Sent money to foreign nationals in exchange for explicit content
  • Made over 1,000 unauthorized access attempts to government systems, copying sensitive and Privacy Act-protected information to personal devices

Edd now faces up to 35 years in federal prison if convicted. The Peace Corps Office of Inspector General, working with other federal agencies, spent months unraveling a fraud that had been running right under their noses, a sobering reminder that some of the biggest insider threats come from the people we trust most.

This Isn't Rare… And It's More Than Just Fraud

Headlines like these grab attention, but they're hardly unique. At InnerActiv, we see similar patterns regularly across our customer base and investigations.

Employees "double dipping" between different organizations, contractors billing for phantom hours, or staff quietly moving sensitive documents or client lists between jobs—these scenarios happen far more often than most companies realize.

These insider incidents often get buried beneath flashier news about ransomware and external breaches. But here's what makes them particularly dangerous: employees juggling multiple roles typically have legitimate access to sensitive data, financial systems, and client databases. When data starts flowing between different employers, it often happens gradually and flies completely under the radar.

The financial impact can be staggering, sometimes draining organizations of hundreds of thousands or even millions before anyone catches on.

The Hidden Cost of "Side Hustle" Time Theft

The explosion of gig work and remote employment has created perfect conditions for employees to hold multiple jobs without their employers knowing. The numbers tell the story:

  • $400 billion lost annually to U.S. employers from time theft and lost productivity
  • $373 million annually from "buddy punching" (employees clocking in for absent coworkers)
  • 15% rise in employee theft in 2023, reaching $46 billion in recorded losses

Many gig workers, facing economic uncertainty without wage protections or benefits, end up stretched across multiple jobs. While Edd's case represents fraud at its most egregious, the smaller cases add up quickly.

An employee who pads their timesheet by just a few minutes a day or sneaks in side work during office hours can quietly cost thousands annually—not to mention the compliance headaches and data leakage risks that come with divided loyalties.

And don’t assume remote work is the only culprit. Plenty of in-office employees manage unauthorized side gigs during company time, and most traditional security tools completely miss this kind of insider risk.

How Behavioral Monitoring Changes the Game

Standard monitoring tools log logins and file transfers, but they miss the human story behind the activity. InnerActiv takes a different approach, focusing on endpoint behavior analytics to understand not just what's happening, but how and why.

Our system tracks how users interact with sensitive data:

  • What files they access
  • How they use that data
  • Where it goes

This creates a behavioral baseline for each role and user. When someone's activity starts looking unusual—say they access files outside their normal scope, or their work patterns shift—we flag it.

Our approach builds on principles laid out in Why eDLP Matters: Protecting Your Data in a Digital World—monitoring data use at the endpoint before incidents escalate.

And as seen in The Insider Threat: Lessons from the MISL Data Breach, behavioral anomaly detection can spot the subtle early signs of insider exfiltration that traditional tools miss.

The result isn't just an alert. It's a detailed activity trail that shows exactly what happened, when, and how. That means faster investigation, quicker containment, and strong evidence if legal action becomes necessary.

The Bottom Line

Evester Edd's arrest made headlines because the fraud was so blatant and the amounts so significant. But for every case that makes the news, countless smaller incidents go undetected—steadily draining resources and putting sensitive data at risk.

The 2025 Coinbase Data Breach is a sharp reminder that insiders—even under pressure—can exploit endpoint blind spots. Without real-time visibility, traditional DLP frameworks fall short.

And don’t forget the risks tied to employee turnover. Why Employees Are 69% More Likely to Take Data Before Resigning highlights how departing staff frequently walk away with sensitive files, creating compliance and competitive risks.

InnerActiv makes the invisible visible. By focusing on behavioral monitoring rather than just system logs, we help organizations detect insider fraud, time theft, and data exfiltration before it becomes front-page news.
