Human Resources News & Insights

Former worker sentenced for sabotaging company servers

If your company has to fire an IT worker, it’s a very good idea to make sure they no longer have access to your company’s servers.

Priyavrat Patel has been sentenced to six months in prison and three years of supervised release for sabotaging three servers at Pratt-Read in Connecticut. He also has to pay $120,000 in restitution and may face a fine at a later date.

Prosecutors say Patel knocked the servers offline over Thanksgiving weekend last year. He pleaded guilty to computer intrusion charges, according to The New York Times.

Patel admitted deleting files from the servers, hoping to bring them down. He succeeded, critically damaging operations at the Connecticut-based toolmaker for two weeks.

Late last November, Patel accessed the servers from home to retaliate against the company, according to court documents. It had fired him about a month earlier.

His attorney said Patel’s intention was to cause “a small hiccup” that would create problems for a few hours, not days. The attorney claims the company’s recovery took a lot longer than it should have because it inadvertently caused more damage while trying to repair the situation.

Print Friendly

Subscribe Today

Get the latest and greatest Human Resources news and insights delivered to your inbox.

Comments

  1. It’s always nice when there are reasonable consequences for destructive actions. His assertion that he only wanted to cause “a small hiccup” just doesn’t fly. It’s kind of like saying, “I just wanted to hurt him, not kill him” after you’ve beaten someone to death. Even if the company wasn’t totally fair in their treatment of Patel, he was completely unjustified in trying to do them harm. He should have sought legal recourse, assuming any was due, and not taken things into his own hands.

  2. We have one IT Systems Administrator. How would you go about blocking his access so this person wouldnt be able to do any damage? This person is the only one who has control over all of our IT operations. Would you hire someone to come in before the termination and deny the access? Where would you find someone to do this?

  3. Beverly C says:

    A one-man/woman IT shop is a liability for any organization. Most IT consultants recommend that you have at least two people who know your IT set up and all its passwords, settings and controls. What would you do if your IT admin got hit by a truck? Who’d have the “keys” to the kingdom then?

    Best idea: Have either your new IT person or a temp with IT skills on hand when you decide to terminate the administrator. Make sure the new person has the know-how to change settings, passwords and take the hand off from the departing staffer. And then make sure your firewall’s in place to protect you from outside penetration by a disgruntled former employee. Eliminate any accounts and change all passwords your old admin used.

    This wasn’t done recently by a California company, where the ex-IT manager was able to log onto his former employer’s network five months after being fired (he used an old password that had been valid before he was fired and, to his disbelief, the company had no firewall and the passwords were never changed.) He opened the email server up to spammers. Employees wound up not being able to send or receive email or look up old messages for days, and the company was also blacklisted by an anti-spam organization.

    The lesson: Be careful who you hire or fire from IT jobs.

  4. No position in the company, should have the “keys to their kingdom”. All key positions, have access to sensitive data, that no one else has. The most sensitive position is IT. Every position should have it’s backup, with security access codes to websites, account numbers, etc. This is just good business. IT is no different. Even if it’s a binder or a CD, or something that is locked up, just in case the employee gets hit by a bus. This should be a no-brainer for any company, no matter what size! The damage done or the lack of work you’re able to do by an ex-employee or an employee that gets hit by a bus can be “examined” when you work through your disaster recovery plan. If you don’t have your ducks in a row now, this is a good way to cover your intentions and get it done without alarming anyone. Call a meeting of your executive staff, and run through disaster scenarios. What if the CFO get’s hit by a bus, who has his access? who else can sign checks? Who is authorized to add people to accounts. What if the CIO get’s hit by a bus? Who has the passwords, etc?. Whether you are intending to fire someone or not, this is a good way to avert a disatrous situation down the road.

Speak Your Mind

*