Fired Credit Union Employee Takes Revenge Deleting 21GB of Data

Exploit: Internal Threat
Company: Unnamed Credit Union
Industry: Financial
Sources: Newsweek | US Department of Justice | InfoSecurity Magazine

"An insider threat can wreak just as much havoc, if not more, than an external criminal. The bank and customers are now faced with the tremendous headache of fixing one employee's selfish actions."- FBI Assistant Director-in-Charge Driscoll

A former credit union employee, Juliana Barile, recently pleaded guilty to accessing the financial institution’s computer systems without authorization and deleting over 21GB of data. Barile’s actions were carried out as a revenge act after being fired.

Before her termination, Barile was working remotely as a part-time employee for the credit union. On May 19, 2021, the institution took action requesting their IT team disable Barile’s remote access credentials upon her dismissal. Unfortunately, the request was not seen through and two days after being fired, Barile logged onto the credit union’s system for approximately 40 minutes.

An estimated 21.3 gigabytes of data that were stored on the institution’s share drive were deleted, including over 20,000 files and roughly 3,500 directories. Among the deleted files were said to be the credit union’s anti-ransomware protection software and other files related to customer mortgage loan applications. Barile also accessed several confidential Word documents which contained board minutes.

Days later Barile later boasted to her friend sharing a text message that exclaimed, "They didn't revoke my access so I deleted p drift lol. [..] I deleted their shared network documents."

Damages

Although the institution was fortunate enough to have backups of some of the deleted data, the credit union had to spend over $10,000 to restore the data. The organization is also likely to have setbacks in reputational damages, downtime, and other remediation costs as fallout from the incident.

While Barile’s act of revenge seems to be aimed at the financial institution, customers and other stakeholders alike are sure to suffer from these actions as well.

Preventative Measures

While credit unions typically have dedicated logins and permissions to access their many systems, it is clear that in this case protocol and steps were neglected. This incident highlights the extreme importance of having policies in place to prioritize the disablement of accounts when employees are terminated. Organizations in all industries should use services such as Identity & Access Management to streamline the setup and termination of accounts in a highly efficient and manageable way.

As hybrid/remote work environments and cyber criminals attempting to lure employees to initiate data breaches for profit continues to influence the increased number of insider threats, institutions can also look to implement Internal Insider Threat Detection. Picking up on suspicious changes or attempts at system sabotage by what appears to be a trusted individual can be daunting to think about. The speed at which organizations can identify violations and intrusions is key to mitigating the costs and damages.

In the event that a breach or data loss does occur, it is vital to have Business Continuity Solutions in place to ensure an organization can rapidly restore data without risking increased costs and extreme amounts of downtime in the process. Simply having your data backed up may not be enough as was the case with the incident above. Business Continuity Solutions can not only help with data breaches but with natural disasters and other unpredictable occurrences as well.

Furthermore, organizations today must adapt to the permanence of remote staff and the increased attack surface that they bring. The security of having a Remote Access Solution must be considered knowing that organizational data is constantly at risk. Implementing a Data Loss Prevention goes a step beyond providing further monitoring and protection for your sensitive, internal data.

Find out how we can help you defend your business against modern cyber threats.

More than ever, organizations of all sizes have been facing a historical rise in cyber attacks and data breaches. Talk to a cyber security expert today and find out how we can provide expert consulting and a portfolio of Cyber Security solutions designed to protect your organization against today’s most prevalent threats.