Rowdy Oxford Lawsuit: What Really Happened at Integris Composites
A Hesco Armor employee made a phone call. That call changed everything. The employee reached out to Integris Composites and revealed what a former colleague had done. Rowdy Lane Oxford had left Integris, taken over 9,000 confidential files, and joined Hesco — a direct, foreign-owned competitor. The moment that call came in, Hesco fired Oxford immediately. That is where the Rowdy Oxford lawsuit begins.
Integris Composites, a North Carolina-based defense contractor, filed a federal civil case against Oxford in February 2024. The lawsuit alleged trade secret theft, unauthorized computer access, and breach of fiduciary duty. The stolen data included export-controlled files tied to national security, which made this far more than a standard corporate dispute.
This article covers every verified fact about the case. You will learn who Oxford is, what he allegedly took, how the court ruled, and what the outcome means for businesses today.
Case at a glance:
| Case name | Court | Filed |
| Integris Composites USA v. Oxford | U.S. District Court, W.D.N.C. | February 27, 2024 |
| Resolved | Resolution type | Presiding judges |
| January 12, 2025 | Consent Final Order | Judge Frank D. Whitney · Magistrate Susan C. Rodriguez · Judge Max Cogburn |
| Criminal charges | Files allegedly taken | |
| None filed (as of Jan 2025) | 9,000+ (ITAR/EAR/CUI/Proprietary) |
Summary: Rowdy Lane Oxford, former VP of Business Development at Integris Composites USA, Inc., allegedly copied more than 9,000 defense-related files before resigning to join Hesco Armor, Inc. — a foreign-owned competitor. The civil lawsuit was resolved on January 12, 2025 via a Consent Final Order. Oxford did not admit guilt. No criminal charges have been filed as of the latest available public record.
Who is Rowdy Lane Oxford?
Rowdy Lane Oxford spent over 25 years in military service. He served in the U.S. Marine Corps and the U.S. Army Reserve. That career built a deep foundation of discipline, trust, and security awareness.
After leaving the military, Oxford moved into the private sector. He eventually landed a senior role at Integris Composites USA, Inc. as Vice President of Business Development. That title came with significant privilege. Oxford had legitimate access to the company’s most sensitive materials — customer accounts, government contract details, pricing strategies, and proprietary technical data.
He was, in every sense, a trusted insider. That trust is what made the allegations so striking. Oxford’s LinkedIn profile described a record of accelerating revenue and building high-performance teams across defense, energy, and industrial sectors. Nothing in his public history flagged a risk. Indeed, that is the nature of insider threats — they come from people no one suspects.
What is Integris Composites USA, Inc.?
Integris Composites USA, Inc. is a North Carolina-based defense contractor and the rebranded successor to TenCate Advanced Armour, a globally recognized name in defense materials. The company designs and manufactures ballistic armor and protective systems for military, aerospace, marine, and law enforcement environments.
Integris holds approval under two critical federal regulatory frameworks:
| ITAR | EAR |
| International Traffic in Arms Regulations — 22 CFR Parts 120–130. Controls access to and transfer of U.S. defense-related technical data and defense articles. | Export Administration Regulations — 15 CFR Parts 730–774. Governs dual-use technology with both civilian and military applications. |
Its client base includes U.S. military branches, federal law enforcement agencies, and government procurement offices. The account records for at least ten such clients were among the files Oxford allegedly removed.
What Oxford allegedly took: the 9,000+ files
In the two weeks before his September 2023 resignation, Oxford allegedly copied and removed more than 9,000 files from Integris’ computer systems. These were not routine business documents. They fell into four distinct protected categories:
CUI
Controlled Unclassified Information — government-designated sensitive data restricted to authorized personnel under federal handling requirements.
ITAR-controlled
Defense technical data governed by 22 CFR Parts 120–130. Unauthorized transfer — even to a domestic entity — can trigger federal criminal and civil liability.
EAR-controlled
Dual-use technology data under 15 CFR Parts 730–774. Covers commercial and military-applicable technical information.
Proprietary commercial
Customer account records for 10+ defense clients, pricing models, and manufacturing processes form Integris’ core competitive advantage.
The foreign ownership of Hesco Armor elevated this well beyond a standard IP dispute. Federal agencies — including the Defense Counterintelligence and Security Agency (DCSA) — actively monitor cases in which ITAR-controlled defense data moves toward foreign-affiliated entities. That scrutiny does not dissolve when a civil lawsuit settles.
ITAR in plain terms: Under 22 USC § 2778 and 22 CFR § 127.1, the unauthorized export, transfer, or disclosure of defense technical data can carry penalties of up to 20 years imprisonment and fines of up to $1 million per violation. The statute does not require proof of intent in all cases — even negligent transfer to an unauthorized party can trigger liability.
How the theft came to light: the whistleblower
Integris did not discover the data removal through routine internal monitoring. In January 2024, a Business Development Manager at Hesco Armor contacted Integris Composites directly. The employee disclosed what Oxford had allegedly brought over and revealed an alleged plan to use the stolen data to poach Integris clients and undercut their pricing in government contract bids.
Hesco Armor’s response was immediate: the company terminated Oxford on the spot. That decision carried significant legal weight — it demonstrated Hesco had no desire to benefit from the alleged conduct, and it substantially strengthened Integris’ evidentiary position when the lawsuit was filed weeks later.
The threat did not come from a hacker. It came from inside — and it nearly went undetected. That is the defining lesson of this case.
Timeline of the Rowdy Oxford lawsuit
Here is the complete verified sequence of events.
| Date | Event |
| September 2023 | Oxford resigns from Integris Composites to join Hesco Armor, Inc. |
| September 2023(two weeks prior to resignation) | Oxford allegedly copies 9,000+ files from Integris systems |
| January 2024 | Hesco Armor employee contacts Integris — whistleblower disclosure |
| January 2024 | Hesco Armor terminates Oxford immediately |
| February 27, 2024 | Integris Composites files lawsuit in the U.S. District Court, Western District of North Carolina |
| February 27, 2024 | Court grants Motion for Temporary Restraining Order and Motion to Seal |
| March 2024 | Court grants Preliminary Injunction — Oxford ordered to quarantine devices |
| March 11, 2024 | Oxford ordered to submit devices for forensic inspection and disclose recipients of shared data |
| January 12, 2025 | Judge Max Cogburn signs the Consent Final Order — case resolved Oxford did not admit guilt. Consent orders are legally binding but not admissions of wrongdoing. |
The case was assigned to District Judge Frank D. Whitney and U.S. Magistrate Judge Susan C. Rodriguez. The Preliminary Injunction, granted just weeks after filing, signaled that the court viewed the alleged misconduct as an urgent and credible threat.
The legal arguments: plaintiff vs. defendant
Integris Composites built its case on four legal pillars.
The first was the Uniform Trade Secrets Act (UTSA). This law protects proprietary business information — customer lists, pricing models, manufacturing processes — from theft and unauthorized use. Oxford had access to all of it.
The second was the Computer Fraud and Abuse Act (CFAA). This federal statute prohibits unauthorized access to computer systems. The allegation was that Oxford exceeded his authorized access to copy files he had no right to remove.
The third claim was breach of fiduciary duty. As a Vice President, Oxford held a legal obligation to act in the company’s best interests. Alleged data extraction for a competitor’s benefit is the opposite of that.
The fourth was breach of contract. Oxford had signed employment contracts and non-disclosure agreements. Those documents created binding obligations that, Integris argued, he violated.
Oxford’s defense challenged each of these points. His legal team denied all allegations and questioned the credibility of the evidence. They challenged witness testimonies and argued that Integris bore some responsibility for its own data security failures. The defense maintained that Oxford followed proper procedures throughout his tenure.
The court, however, moved quickly to grant injunctive relief, which indicates that the judges found sufficient cause to act before a full trial concluded.
How the case was resolved: the Consent Final Order
On January 12, 2025, Judge Max Cogburn signed the Consent Final Order. This document ended the civil lawsuit. A consent final order is a legal agreement. The defendant agrees to comply with specific court-mandated terms. Crucially, compliance does not equal an admission of guilt. Oxford did not formally admit wrongdoing. That distinction matters legally — and it is a point almost every competitor article gets wrong or ignores entirely.
So what did the order actually require? Oxford had to destroy or return all proprietary data belonging to Integris Composites. He had to submit his personal devices for a forensic audit — an independent examination to verify compliance. He faced a prohibition on employment with Hesco Armor or any direct competitor for a specified period. He also could not approach Integris clients, vendors, or business partners.
In addition, Oxford acknowledged Integris’ intellectual property rights and committed to ongoing confidentiality obligations. The consequences of non-compliance are severe. Violating a consent final order is contempt of court. Integris does not need to file a new lawsuit to pursue penalties — a single motion to enforce is sufficient. That substantially lowers the legal barrier if Oxford’s compliance ever falls short. The civil case is closed. However, that does not mean every avenue is exhausted.
Could criminal charges follow?
As of available public records, no criminal charges have been filed against Rowdy Oxford. The case was resolved as a civil lawsuit, not a criminal prosecution. That said, a civil settlement does not close a federal criminal investigation. The Department of Justice operates independently of private litigants. Integris Composites’ decision to settle does not bind federal prosecutors.
The ITAR dimension is the critical variable. Violations of ITAR regulations can carry serious federal criminal consequences — including significant fines and imprisonment. The statute does not require intent in all cases. Even negligent transfer of ITAR-controlled data to unauthorized recipients can trigger liability.
The foreign ownership of Hesco Armor adds another layer. Federal agencies pay close attention to cases where defense-related data moves toward foreign-owned entities. That scrutiny does not disappear the moment a civil case closes. In short, the civil chapter is over. The criminal chapter remains an open question.
What this case means for businesses
The Rowdy Oxford lawsuit is more than a legal case study. It is a warning that applies to any organization that handles sensitive data.
The insider threat is real — and it often comes from trusted people. Oxford was not a disgruntled junior employee. He was a decorated veteran and a Vice President. Organizations that focus only on external cybersecurity threats miss a significant vulnerability.
Offboarding protocols need serious attention. The alleged data extraction happened in the two weeks before Oxford’s resignation. A robust offboarding process — one that monitors file access and revokes permissions proactively — can detect this pattern early.
Digital forensics is now a core business tool. The forensic audit ordered by the court revealed the scope of what happened. Companies do not need to wait for a lawsuit to use these tools.
Cases involving sensitive information continue to attract significant legal scrutiny across industries. While the Rowdy Oxford lawsuit centers on defense-related data, consumer data disputes have also produced major litigation. Regular forensic monitoring of sensitive systems can catch anomalies before they become crises.
NDAs are only as strong as their enforcement. Oxford had signed non-disclosure agreements. Those agreements meant nothing without the infrastructure to detect a breach and the will to act on it immediately.
The defense industry faces heightened scrutiny. Cases like this accelerate federal demands for stronger data governance in defense contracting. Compliance is no longer optional — it is a contract requirement and, in many cases, a national security obligation.
You can read our coverage of the AT&T Class Action Lawsuit: Settlement, Eligibility, Payouts & Latest Updates to see how courts have addressed large-scale data exposure claims.
FAQs
Was Rowdy Oxford convicted?
No. The Rowdy Oxford lawsuit was a civil case, not a criminal prosecution. Oxford did not face a criminal conviction. The case ended in a Consent Final Order on January 12, 2025. He agreed to specific terms without admitting guilt.
What is a consent final order?
A consent final order is a court-approved legal agreement. The defendant agrees to follow specific terms set by the court. It resolves the case without a full trial verdict. Importantly, it does not require an admission of guilt — but it is legally binding and enforceable.
What did Rowdy Oxford allegedly steal?
Oxford allegedly copied more than 9,000 files from Integris Composites in the two weeks before his resignation. The files included Controlled Unclassified Information (CUI), ITAR-controlled defense data, EAR-regulated technology data, and customer account records for at least ten clients in military, law enforcement, and commercial sectors.
What is ITAR, and why does it matter here?
ITAR stands for the International Traffic in Arms Regulations. It restricts access to and transfer of U.S. defense-related technical data. Unauthorized sharing of ITAR-controlled information — even with a domestic party — can carry federal legal consequences. The presence of ITAR data in this case is what elevated it beyond a typical business dispute.
Could Rowdy Oxford face criminal charges?
No criminal charges have been filed as of the available records. However, a civil settlement does not prevent federal prosecutors from pursuing a separate criminal case. ITAR violations can carry federal criminal penalties. The matter remains an open question.
What is Integris Composites?
Integris Composites USA, Inc. is a North Carolina-based defense contractor. The company produces ballistic armor and protection systems. It is the successor company to TenCate Advanced Armour. Its clients include the U.S. military, federal law enforcement agencies, and government procurement offices.
Did Hesco Armor do anything wrong?
Hesco Armor was not found liable in the civil case. In fact, a Hesco employee was the whistleblower who reported Oxford to Integris. The company then terminated Oxford immediately. That response cleared Hesco of direct complicity, though Oxford’s alleged plan was to use Integris data to benefit Hesco in competitive bids.
Conclusion
The Rowdy Oxford lawsuit is one of the most significant insider threat cases in recent U.S. defense industry history. A decorated military veteran and senior executive allegedly used his privileged access to extract thousands of protected files — and then took those files to a foreign-owned competitor.
The federal court acted fast. The Preliminary Injunction came within weeks. The Consent Final Order followed in January 2025. The civil case closed, but the questions it raised about data security, ITAR compliance, and corporate trust are far from settled.
Every organization that handles sensitive data — in defense or elsewhere — should study this case closely. The threat did not come from a hacker. It came from the inside. And it nearly went undetected.
Sadia Parveen is a content writer at ClassAction24.com who creates informational articles on class action lawsuits, consumer protection matters, and legal developments. Her work focuses on researching publicly available information and presenting it in a clear and neutral format for general readers. She does not provide legal advice or professional legal services.
