A composite case study based on conversations with M&A advisors. Details changed to protect the parties involved. The lesson — that a single document can kill a nine-figure deal — is unfortunately common.

The deal

A $40 million acquisition of an Australian software company by a larger competitor. The deal had been in negotiation for four months. Due diligence was nearly complete. The sale and purchase agreement was in final drafting. Champagne was in the fridge.

The data room

The seller's data room was managed through a basic file-sharing service. Folders were organised by topic: financials, customers, employees, contracts, IP. Access was granted to everyone on the buyer's team — about a dozen people across legal, finance, technical, and operations.

Permissions were "view only" in theory. In practice, anyone could download. There was no per-document audit trail, no watermarking, no NDA gating beyond the overall transaction NDA signed at the start.

The incident

Late in the process, a junior associate on the buyer's technical team came across a file in the "customer contracts" folder. It was a contract with a major government agency — the seller's single largest customer, worth 18% of annual revenue. The contract had a clause the associate found interesting: a "change of control" provision allowing the customer to terminate if the seller was acquired.

The associate mentioned it to their lead. The lead mentioned it to the buyer's lawyer. The lawyer confirmed the clause was in fact triggering on the transaction. The buyer's deal team asked the seller: would the customer consent to the acquisition? The seller said yes, they were confident — they'd spoken to the customer.

The problem

The "confident" part turned out to be wrong. When the seller formally requested consent, the customer took three weeks to respond, then said no. The customer had concerns about the buyer's existing relationship with a competitor and wanted to put the contract out to tender.

Losing 18% of revenue and a cornerstone customer was not something the buyer was willing to absorb. They walked. The deal collapsed.

What went wrong

The deal died for a real commercial reason — the change of control clause and the lost customer. That wasn't the data room's fault. But the way the information surfaced was: a junior associate browsing through an un-watermarked, non-gated folder of sensitive customer contracts, triggering a chain of events the seller couldn't control.

If the customer contracts had been gated — accessible only to the specific deal leads, watermarked with viewer details, and requiring explicit access requests — the seller would have had visibility into who was reviewing what. They could have front-run the customer consent conversation. They could have negotiated an amendment to the clause before the buyer's team even saw it.

The moral

Data rooms aren't just for preventing leaks. They're for giving the seller visibility and control over the narrative of the due diligence process. Knowing who's looking at what, in what order, for how long, is information you can act on. Without it, you're flying blind while the buyer builds their case.