NY Credit Union Employee Deletes 21GB of Data in Retaliation for Being Fired
Credit Union Has Spent More than $10,000 in Remediating the Destruction of Data.
On Tuesday, Juliana Barile, a former employee of a credit union in New York pleaded guilty in Brooklyn Federal Court for intruding into the financial institution’s website and wiping out 21.3 GB of data.
The data destruction comes after the Brooklyn woman lost her job as a part-time employee at the credit union on May 19, 2021. She was also working remotely as a result of the ongoing COVID-19 pandemic.
Acting U.S. Attorney Kasulis declared:
In an act of revenge for being terminated, Barile surreptitiously accessed the computer system of her former employer, a New York credit union, and deleted mortgage loan applications and other sensitive information maintained on its file server.
Protecting private financial data from being compromised or destroyed by unauthorized computer intrusions is an important priority of this office.
What Data Was Deleted?
According to court documents, two days after her dismissal, Barile, logged in using a username and password provided by the Credit Union and accessed the bank’s file server for about 40 minutes.
During this time, the woman deleted approximately 21.3 gigabytes worth of data from the share drive, more precisely 20,433 files and 3,478 directories.
The data she destroyed included documents related to mortgage loan applications, as well as a folder containing information related to the union’s anti-ransomware protection software. She also accessed confidential files.
The Incident Could Have Been Adverted
After Barile was fired from Credit Union, another employee asked that the bank’s IT support firm disable the woman’s access to the Credit Union’s computer system, but that never happened.
A few days after the woman accessed the computer server without authorization and destroyed files she texted a friend to talk about what she did:
They didn’t revoke my access so I deleted p drift lol.” BARILE then corrected her message, which included the typographical error “p drift,” by writing “P drive shared file,” a reference to the “P:\” drive on the Credit Union’s file server. BARILE also wrote: “I deleted their shared network documents,” again referring to the Credit Union’s “P:\” drive.
Even if the financial institution had backed up some of the data that the defendant Juliana Barile destroyed, it still spent roughly $10,000 in remediating the woman’s unauthorized intrusion and destruction of data.
FBI Assistant Director-in-Charge Driscoll declared:
Ms. Barile may have thought she was getting back at her employer by deleting files, however, she did just as much harm to customers. Her petty revenge not only created a huge security risk for the bank, but customers also depending on paperwork and approvals to pay for their homes were left scrambling.
An insider threat can wreak just as much havoc, if not more, than an external criminal.