On Tuesday, a woman from Brooklyn, New York, pleaded guilty to destroying computer data at an unidentified credit union from which she had recently been fired.
Juliana Barile, 35, according to charges filed by the US Attorney’s Office in the Eastern District of New York [PDF], was working remotely at the credit union on a part-time basis when she was terminated on May 19, 2021. An employee from the credit union is said to have asked the firm’s IT department to disable Barile’s system access but that didn’t happen.
Two days later, Barile logged into the credit union’s file server and, over the next 40 minutes, trashed it.
“During that time period, Barile deleted approximately 20,433 files and 3,478 directories, a total of approximately 21.3 gigabytes of data, from the ‘P:\’ drive on that file server, which the Credit Union’s employees referred to as the ‘share’ drive,” the court filing says.
“The deleted data included files related to mortgage loan applications received by the Credit Union, as well as the contents of a folder labeled ‘! Cynet Ransom Protection(DON’T DELETE),’ a folder containing information related to Cynet’s anti-ransomware protection software.”
Five days later, on May 26, 2021, Barile is said to have sent a series of text messages to a friend describing her destruction of her former employer’s data. In one message, according to the court filing, she wrote, “They didn’t revoke my access so I deleted p drift lol.” And she subsequently corrected the typo “p drift” to read “P drive shared file” in reference to the credit union’s file server.
“Ms. Barile may have thought she was getting back at her employer by deleting files, however she did just as much harm to customers,” said FBI Assistant Director-in-Charge Michael Driscoll in a statement. “Her petty revenge not only created a huge security risk for the bank, but customers also depending on paperwork and approvals to pay for their homes were left scrambling.”
Driscoll added that the credit union and its customers now face the burden of restoring the data. Court documents indicate that the credit union had “some” of the data backed up and that it has spent more than $10,000 undoing the damage.
This sort of thing happens fairly frequently. In August, 2020, for example, a former Cisco employee admitted to deleting 456 AWS virtual machines for Cisco’s WebEx Teams application without authorization some five months after leaving the networking biz. A year earlier, a former IT admin for Arizona-based Blue Stone Strategy Group, was sentenced to more than two years in prison for deleting his employer’s files. Also in 2019, an IT consultant based in the UK earned a two-year sentence for deleting servers from his former employer’s AWS accounts.
Having pleaded guilty to one count of computer intrusion, Barile faces up to 10 years imprisonment and a fine when sentenced.
Barile’s attorney, Michael Baldassare, of Baldassare & Mara, LLC, declined to comment. ®