Juliana Barile, the former employee of a New York credit union, pleaded guilty to accessing the financial institution’s computer systems without authorization and destroying over 21 gigabytes of data in revenge after being fired.”In an act of revenge for being terminated, Barile surreptitiously accessed the computer system of her former employer, a New York Credit Union, and deleted mortgage loan applications and other sensitive information maintained on its file server,” Acting U.S. Attorney Jacquelyn M. Kasulis said.
According to court documents, the defendant worked remotely as a part-time employee for the credit union until May 19, 2021, when she was fired.
Even though a credit union employee asked the bank’s information technology support firm to disable Barile’s remote access credentials, that access was not removed. Two days later, on May 21, Barile logged on for roughly 40 minutes.
Also Read: Lessons from PDPC Incident and Undertaking: August 2021 Classes
The defendant deleted over 20,000 files and around 3,500 directories during that time, totaling roughly 21.3 gigabytes of data stored on the bank’s share drive.
The wiped included files related to customers’ mortgage loan applications and the financial institution’s anti-ransomware protection software.
Besides deleting documents with customer and company data, Barile also opened various confidential Word documents, including files containing board minutes for the credit union.
Five days later, on May 26, she also told a friend via text messages how she was able to destroy thousands of documents on her former employer’s servers, saying, “They didn’t revoke my access so I deleted p drift lol. [..] I deleted their shared network documents.”
Although the New York credit union had backups of some of the data deleted by the defendant, it still had to spend more than $10,000 to restore the destroyed data following Barile’s unauthorized intrusion.
Also Read: Vulnerability Management for Cybersecurity Dummies
“Ms. Barile may have thought she was getting back at her employer by deleting files, however she did just as much harm to customers,” FBI Assistant Director-in-Charge Driscoll added.
“Her petty revenge not only created a huge security risk for the bank, but customers also depending on paperwork and approvals to pay for their homes were left scrambling.
“An insider threat can wreak just as much havoc, if not more, than an external criminal. The bank and customers are now faced with the tremendous headache of fixing one employee’s selfish actions.”
Role of Enhanced Access Controls in Safeguarding Personal Data in Telecommunications that every Organisation in…
Effective Incident Response Procedures in Strengthening Data Security that every Organisation in Singapore should know…
Crucial Role of Regular Vulnerability Scanning that every Organisation in Singapore should know. Strengthening Your…
Enhancing Data Security with Multi-Factor Authentication that every Organisation in Singapore should know. Enhancing Data…
Strong Password Policy as a first line of defense against data breaches for Organisations in…
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
This website uses cookies.
