NY Credit Union Employee Gets Fired And Then Rage-Deletes 21GB Of Data
Such is the case of Juliana Barile, an employee of a New York credit union who was working remotely due to COVID-19 restrictions. She had access to credit union systems via her work-issued username and password. Although the court documents do not give the details of her dismissal, Barile was fired on May 19th, 2021. Her access to credit union systems should have been revoked at that time, but for some reason it was not.
Once Barile found out that she still had access despite being fired, she logged in on May 21st to exact her revenge on her former employer. Over a 40-minute span, Barile accessed the internal file server and deleted over 20,400 files and nearly 3,500 directories. In total, 21.3 gigabytes of data were deleted.
Deleted data included mortgage loan applications and shared Word documents that contained minutes for credit union board meetings. Then, in an almost comical turn of events, Barile deleted a folder labeled "Don't Delete" that featured Cynet Ransom Protection software.
Given that she accessed the corporate network with her own credentials, it wasn't hard to track down the culprit. And once law enforcement got involved, they were able to gather even more evidence, including text messages sent to a friend that stated, "They didn't revoke my access so I deleted p [drive] lol."
According to the court filing, the credit union had backups for "some" of the deleted data but still had to pay $10,000 to have a professional service "[remediate] Barile’s unauthorized intrusion and destruction of data."
“Ms. Barile may have thought she was getting back at her employer by deleting files, however she did just as much harm to customers. Her petty revenge not only created a huge security risk for the bank, but customers also depending on paperwork and approvals to pay for their homes were left scrambling,” said FBI Assistant Director-in-Charge Michael J. Driscoll. “An insider threat can wreak just as much havoc, if not more, than an external criminal. The bank and customers are now faced with the tremendous headache of fixing one employee's selfish actions.”
According to the U.S. Attorney's Office for the Eastern District of New York, its Cybercrime Task Force and the National Security and Cybercrime Section will handle the prosecution of Barile.