SAP has admitted that its TomorrowNow division made some "inappropriate downloads" from an Oracle web site, but denied it ever had access to the material.
The revelation came in SAP's response to a lawsuit Oracle filed earlier this year.
In an about face from his previous position, SAP CEO Henning Kagermann also said that his company is open to a settlement with Oracle, which has charged SAP with "corporate theft on a grand scale."
TomorrowNow was authorised to download materials from Oracle's web site on behalf of customers, SAP said, but acknowledged that there were some inappropriate downloads of software patches and support documents. SAP announced new oversights at TomorrowNow, including the appointment of a new executive chairman, to avoid such problems in the future.
"Even a single inappropriate download is unacceptable from my perspective," Kagermann said in a statement. "We regret very much that this occurred."
The downloads on behalf of customers, which happened in late 2006, were for materials that customers lacked licenses for, Kagermann said at a press conference.
Kagermann did not rule out the possibility of firing TomorrowNow employees for the downloads, but he said there are currently no plans to do so. "We will do what it takes to stay 100 percent pure," he said.
SAP disputes most of Oracle's allegations, he added. "We believe just downloading support materials is not harm to a company," he said.
The US Department of Justice has asked for documents related to the case from SAP and TomorrowNow, SAP said, and the companies will cooperate with the request.
Oracle filed its surprise lawsuit against SAP on 22 March. It alleged that TomorrowNow staff hacked into a support web site for users of Oracle's PeopleSoft and JD Edwards applications and downloaded vast amounts of content, which SAP then used to offer Oracle customers cut-rate support services.
SAP will consider all options in the Oracle case including a possible settlement, Kagermann said. That marks an abrupt turnaround from April, when Kagermann said during the company's quarterly earnings call: "We have no intention to settle; why should we?"
The legal proceedings will likely have no impact on SAP's business in the US, Kagermann said Tuesday, vowing to continue its Safe Passage campaign to win customers from Oracle.
The company launched a web site where it will publish information related to the case, including court filings and a time line of events.
SAP also appointed a new executive chairman to manage TomorrowNow's operations and oversee compliance programs. Mark White, chief operating officer of SAP America, will take on the role. TomorrowNow workers will also get training to ensure they understand company's policies. TomorrowNow CEO Andrew Nelson will report to White.
TomorrowNow and other third-party support providers rely on their customers to provide passwords to access support materials from Oracle in order to make fixes, SAP said, suggesting it is a normal practice. But it reiterated that some inappropriate downloads did occur, without providing more information.
TomorrowNow provides maintenance and support to customers using Oracle's PeopleSoft and Siebel applications. SAP acquired TomorrowNow in 2005, around the same time Oracle closed its acquisition of PeopleSoft, which had previously bought JD Edwards.
The market for third-party support services for ERP (enterprise resource planning) and CRM (customer relationship management) applications has emerged in recent years. Companies such as TomorrowNow cater to customers using older versions of the software and charge lower maintenance fees than Oracle. Oracle is also in the third-party maintenance market, supporting SAP's older R/3 applications through a partnership with Systime Computers.
The original charges in Oracle's lawsuit included violations of the Federal Computer Fraud and Abuse Act and of California's Computer Data Access and Fraud Act, along with unfair competition charges. On 1 June Oracle filed an amended complaint, adding copyright infringement and breach of contract claims.
The complaints were filed against SAP, SAP America, TomorrowNow and 50 unnamed individuals Oracle said were SAP employees.
Oracle said it discovered the access to its Customer Connection website after noting periods of heavy download activity late last year. The vendor claims it found over 10,000 unauthorised downloads of its software and support materials, which it traced to an IP address at the headquarters of TomorrowNow in Bryan, Texas. That IP address was connected directly to SAP's computer network, Oracle alleged.
The TomorrowNow staff accessed the support site by pretending to be Oracle customers, according to the suit. For one of those customers, Honeywell International, Oracle said it had connected many of the downloads to a particular TomorrowNow employee, Wade Walden, who previously worked at PeopleSoft.
(Grant Gross in Washington, DC, contributed to this report.)