Revenge, or sometimes, just plain old greed, can lead former or current employees to harm your organization by exfiltrating data, customer information, or sensitive intellectual property. Here are real world examples of people who have done just that, as well as what happened to them. Read more about different types of insider threats, and why inside threat management matters here.
The employee who deleted data after being fired
Since the outbreak of COVID-19, 81% of the global workforce have had their workplace fully or partially closed. And 2022’s tech layoffs have added 121,000 tech workers to that list. Unsurprisingly this has caused widespread distress, it’s also led to an increase in malicious insider threats, particularly when you combine this distress with the reduced visibility of IT and security teams.
One such case involves a former employee of a medical device packaging company who was let go in early March 2020. After he was given his final paycheck, Christopher Dobbins hacked into the company’s computer network, granted himself administrator access, and then edited and deleted nearly 120,000 records. This caused significant delays in the delivery of medical equipment to healthcare providers.
The employee who sold company data for financial gain
An older one this, but it checks out. In 2017, an employee at Bupa accessed customer information via an in-house customer relationship management system, copied the information, deleted it from the database, and then tried to sell it on the Dark Web. The breach affected 547,000 customers and in 2018 after an investigation by the ICO, Bupa was fined £175,000.
The employee who stole trade secrets
In July 2020, further details emerged of a long-running insider job at General Electric (GE) that saw an employee steal valuable proprietary data and trade secrets. The employee, Jean Patrice Delia, gradually exfiltrated over 8,000 sensitive files from GE’s systems over eight years — intending to leverage his professional advantage to start a rival company.
The FBI investigation into Delia’s scam revealed that he persuaded an IT administrator to grant him access to files and that he emailed commercially-sensitive calculations to a co-conspirator. Having pleaded guilty to the charges, Delia was sentenced to 24 months in jail. What can we learn from this extraordinary inside job? Delia hacked the human to gain access controls, which is why ensuring you have robust email threat protection is vital.
The ex-employee who got two years for sabotaging data
The case of San Jose resident Sudhish Kasaba Ramesh serves as a reminder that it’s not just your current employees that pose a potential internal threat—but your ex-employees, too. Ramesh received two years imprisonment in December 2020 after a court found that he had accessed Cisco’s systems without authorization, deploying malware that deleted over 16,000 user accounts and caused $2.4 million in damage. The incident emphasizes the importance of properly restricting access controls—and locking employees out of your systems as soon as they leave your organization.
The employees leaking customer data
Toward the end of October 2020, an unknown number of Amazon customers received an email stating that their email address had been “disclosed by an Amazon employee to a third-party.” Amazon said that the “employee” had been fired — but the story changed slightly later on, according to a statement shared by Motherboard which referred to multiple “individuals” and “bad actors”. So how many customers were affected? What motivated the leakers? We still don’t know. But this isn’t the first time that the tech giant’s own employees have leaked customer data. Amazon sent out a near-identical batch of emails in January 2020 and November 2018. If you want to prevent a data breach, insider threats management of email is critical.
The ex-employee who offered 100 GB of company data for $4,000
Police in Ukraine reported in 2018 that a man had attempted to sell 100 GB of customer data to his ex-employer’s competitors—for the bargain price of $4,000. The man allegedly used his insider knowledge of the company’s security vulnerabilities to gain unauthorized access to the data.
This scenario presents another challenge to consider when preventing insider threats—you can revoke ex-employees’ access privileges, but they might still be able to leverage their knowledge of your systems’ vulnerabilities and weak points.
The security officer who was fined $316,000 for stealing data (and more!)
In 2017, a California court found ex-security officer Yovan Garcia guilty of hacking his ex-employer’s systems to steal its data, destroy its servers, deface its website, and copy its proprietary software to set up a rival company. The cybercrime spree was reportedly sparked after Garcia was fired for manipulating his timesheet. Garcia received a fine of over $316,000 for his various offenses.
The sheer amount of damage caused by this one disgruntled employee is pretty shocking. Garcia stole employee files, client data, and confidential business information; destroyed backups; and even uploaded embarrassing photos of his one-time boss to the company website.
Read more on who Tessian stops insider threats by email, or download the data sheet for more information.
