A disgruntled former credit union employee pleaded guilty in Brooklyn Federal Court on Tuesday to one count of computer intrusion after she accessed the company’s file server and deleted more than 21 gigabytes of data, including more than 20,000 files and nearly 3,500 directories, according to the Department of Justice.
Juliana Barile, a 35-year-old who faces up to 10 years’ imprisonment and a fine, retaliated against the unnamed New York-based credit union after she was fired on May 19 from her position as a part-time employee. Two days later, Barile deleted vast amounts of data related to mortgage loan applications, as well as the credit union’s anti-ransomware protection software (which was contained in a folder labeled “DON’T DELETE!”).
According to court documents, Barile sent text messages to a friend afterwards saying: “I deleted their shared network documents,” referring to the company’s share drive. The credit union had backed up some of the deleted data, but the incident has cost about $10,000 in remediation so far.
“Ms. Barile may have thought she was getting back at her employer by deleting files, however she did just as much harm to customers. Her petty revenge not only created a huge security risk for the bank, but customers also depending on paperwork and approvals to pay for their homes were left scrambling,” FBI Assistant Director-in-Charge Michael Driscoll said in a statement. “An insider threat can wreak just as much havoc, if not more, than an external criminal. The bank and customers are now faced with the tremendous headache of fixing one employee’s selfish actions.”
The incident is one of the first cases being handled by the Eastern District of New York’s Cybercrime Task Force, which was set up in May 2021 to initiate cybercrime investigations and prosecutions, disseminate information about emerging cybercrime issues and trends, and heighten awareness about a wide variety of cybercrime schemes, according to the Department of Justice.
Source: Recorded Future