An IT engineer fired by Gucci hacked into the company’s servers, deleting data and shutting down its email and other IT services in a revenge attack estimated to have cost the upmarket retailer around £125,000, Manhattan prosecutors allege.
Sam Chihlung Yin, 34 and from Jersey City, is accused of having secretly created a user account for himself in the name of a fictional employee while working at Gucci, giving him continued access to the company’s IT servers after he was sacked for an unrelated incident in May last year.
He is said to have used the account and administrator passwords he had taken with him to hack into its corporate servers for around six months. On one day in November last year, he allegedly deleted servers, shut down storage areas and wiped mailboxes on the Gucci America system. He is also said to have shut down the network for the whole day, preventing employees from accessing any documents, files or other materials saved anywhere on its network.
The New York County District Attorney’s office, which is prosecuting the case, said in a statement: “Yin’s destruction of data from the e-mail server cut off the e-mail access not only of corporate staff, but also of store managers across the country and the e-commerce sales team – resulting in thousands of dollars in lost sales.”
IT security expert Graham Cluley underlined the importance of changing passwords and resetting access rights when members of staff leave, adding that there is “definitely the possibility” that future attacks could expose customers’ data.
“Disgruntled employees could take customer databases with them when they leave. Some have even planted logic bombs in databases which only they can diffuse so, if they are ever fired, whole databases could be obliterated or transmitted.”
He added: “People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief. But it only takes one disaffected former worker to wreak havoc – so make sure your defences are in place, and that only authorised users can access your sensitive systems.
Last year, a former employee of US investment bank Fannie Mae planted malicious codes designed to destroy information on the company’s servers after being fired.
Mr Yin is charged with computer tampering, identity theft, falsifying business records, computer trespass, criminal possession of computer-related material, unlawful duplication of computer-related material, and unauthorised use of a computer, according to an indictment filed in a Manhattan court.