Responding to a lawsuit filed by Oracle earlier this year, SAP admitted on Tuesday that its TomorrowNow US division made some "inappropriate downloads" from an Oracle website, but said SAP never had access to the material.
In an about face from his previous position, SAP chief executive Henning Kagermann also said that his company is open to a possible settlement with Oracle, which has charged SAP with "corporate theft on a grand scale".
TomorrowNow was authorised to download materials from Oracle's website on behalf of customers, SAP said, but acknowledged that there were some inappropriate downloads of software patches and support documents. SAP announced new oversights at TomorrowNow, including the appointment of a new executive chairman, to avoid such problems in the future.
"Even a single inappropriate download is unacceptable from my perspective," Kagermann said. "We regret very much that this occurred."
The US Department of Justice has asked for documents related to the case from SAP and TomorrowNow, SAP said, and the companies will cooperate with the request.
Oracle filed its surprise lawsuit against SAP on 22 March. It alleged that TomorrowNow staff hacked into a support Web site for users of Oracle's PeopleSoft and JD Edwards applications and downloaded vast amounts of content, which SAP then used to offer Oracle customers cut-rate support services.
SAP had until midnight local US time Monday night to file its response in the US Northern District Court of California, which is hearing the case, and filed the documents shortly before the deadline.
SAP will consider all options in the Oracle case including a possible settlement, Kagermann said in a press conference Tuesday. That marks an abrupt turnaround from April, when Kagermann said during the company's quarterly earnings call: "We have no intention to settle; why should we?"
The legal proceedings will likely have no impact on SAP's business in the US, Kagermann said Tuesday, vowing to continue its Safe Passage campaign to win customers from Oracle.
The company launched a website, where it will publish information related to the case, including court filings and a timeline of events.
SAP also appointed a new executive chairman to manage TomorrowNow's operations and oversee compliance programmes. Mark White, chief operating officer of SAP America, will take on the role. TomorrowNow workers will also get additional training to ensure they understand company's policies. TomorrowNow chief executive, Andrew Nelson will report to White.
TomorrowNow and other third-party support providers rely on their customers to provide passwords to access support materials from Oracle in order to make fixes, SAP said, suggesting it is a normal practice. But it reiterated that some inappropriate downloads did occur, without providing more information.
TomorrowNow provides maintenance and support to customers using Oracle's PeopleSoft and Siebel applications. SAP acquired TomorrowNow in 2005, around the same time Oracle closed its acquisition of PeopleSoft, which had previously bought JD Edwards.
The market for third-party support services for enterprise resource planning (ERP) and customer relationship management (CRM) applications has emerged in recent years. Companies such as TomorrowNow cater to customers using older versions of the software and charge lower maintenance fees than Oracle. Oracle is also in the third-party maintenance market, supporting SAP's older R/3 applications through a partnership with Systime Computers.
The original charges in Oracle's lawsuit included violations of the Federal Computer Fraud and Abuse Act and of California's Computer Data Access and Fraud Act, along with unfair competition charges. On 1 June Oracle filed an amended complaint, adding copyright infringement and breach of contract claims.
The complaints were filed against SAP, SAP America, TomorrowNow and 50 unnamed individuals Oracle said were SAP employees.
Oracle said it discovered the access to its Customer Connection website after noting periods of heavy download activity late last year. The vendor claims it found over 10,000 unauthorised downloads of its software and support materials, which it traced to an Internet Protocol (IP) address at the headquarters of TomorrowNow in Bryan, Texas. That IP address was connected directly to SAP's computer network, Oracle alleged.
The TomorrowNow staff accessed the support site by pretending to be Oracle customers, according to the suit. For one of those customers, Honeywell International, Oracle said it had connected many of the downloads to a particular TomorrowNow employee, Wade Walden, who previously worked at PeopleSoft.