Sacked Employee Deletes 21GB of Credit Union Files

A former credit union employee is facing a decade behind bars after pleading guilty to destroying large amounts of corporate data in revenge for being fired.

Juliana Barile, 35, of Brooklyn, submitted the plea at a federal court in Brooklyn on Tuesday, admitting to one count of computer intrusion arising from her “unauthorized intrusion into, and destruction of data” on her former employer’s computer system.

Two days after being fired on May 19 2021, Barile is said to have accessed the file server of the New York-based credit union, opened confidential files and deleted 21.3GB of data, including 20,000 files and almost 3500 directories, according to the Department of Justice (DoJ).

The deleted files apparently related to mortgage loan applications and the company’s anti-ransomware software.

She also sent a text message shortly after to a friend claiming: “I deleted their shared network documents.”

According to the DoJ, the credit union spent $10,000 fixing the unauthorized intrusion and deletion of documents.

“Ms. Barile may have thought she was getting back at her employer by deleting files, however she did just as much harm to customers. Her petty revenge not only created a huge security risk for the bank, but customers also depending on paperwork and approvals to pay for their homes were left scrambling,” said FBI assistant director-in-charge Michael Driscoll. 

“An insider threat can wreak just as much havoc, if not more, than an external criminal. The bank and customers are now faced with the tremendous headache of fixing one employee's selfish actions.”

The case highlights the importance of prompt offboarding of terminated employees. According to the court documents, a credit union employee requested that its IT support firm disable Barile’s network access, but this was not done in time.

Instead, she was able to use her username and password to access the file server remotely for around 40 minutes.

What’s Hot on Infosecurity Magazine?