Unfashionable network breach at Gucci’s

Sam Chihlung Yin created a fake VPN token in the name of a fictional employee in order to access Gucci’s network after he was fired. He tricked IT personnel at the company into activating the VPN, enabling him to delete documents and emails, as well as shut down the server for 24 hours.

In total, the district attorney estimated that Yin caused $200,000 in damages as a result of diminished productivity, document restoration and remediation measures, and other expenses.

According to the indictment, Yin accessed Gucci’s network on Nov. 12, 2010, deleted several servers, shut down a storage area network, and deleted a disk containing the corporate mailboxes from an email server.

“As a result, Gucci staff was unable to access any documents, files, or other materials saved anywhere on its network. Additionally, Yin's destruction of data from the e-mail server cut off the e-mail access not only of corporate staff, but also of store managers across the country and the e-commerce sales team, resulting in thousands of dollars in lost sales”, according to a statement from the Manhattan District Attorney’s office.

Yin faces a 50-count indictment that includes charges of computer tampering, identity theft, falsifying business records, computer trespass, criminal possession of computer-related material, unlawful duplication of computer-related material, and unauthorized use of a computer.

"Computer hacking is not a game. It is a serious threat to corporate security that can have a devastating effect on personal privacy, jobs, and the ability of a business to function at all", Vance concluded.

What’s Hot on Infosecurity Magazine?