A British man has been sent to prison for two years after he wiped out his ex-employer’s business-critical data in cloud storage, according to a report by the United Kingdom’s Thames Valley Police.
Steffan Needham, of Bury, Greater Manchester, worked as an IT consultant at a digital marketing and software agency called Voova for four weeks in early 2016. After he was sacked for poor performance, he used a former coworker’s Amazon Web Services (AWS) account to access 23 AWS servers, where he deleted data related to Voova’s customers.
The rampage cost the company £500,000 (US$650,000) in lost contracts, causing it to let a number of employees go. The data was never reconstituted. As World Backup Day (March 31) beckons, the case happens to exemplify the need for effective data protection and recovery strategies.
Needham wasn’t traced until 10 months after the data-wrecking spree, which occurred on May 17th and 18th, 2016. Earlier this month, Needham, now 36, was found guilty of two charges under the UK's Computer Misuse Act. He was sent to jail at Reading Crown Court following a nine-day trial.
“His actions, although just a matter of clicks on a computer, resulted in major financial loss to the company concerned, and people lost their jobs,” Giles Murphy, of the Cyber Crime team at Loddon Valley police station, was quoted as saying.
According to an earlier court report, the company had failed to implement multi-factor authentication, which would most probably have been enough to keep Needham at bay. Tighter internal controls so that more than one person is required for operations such as data deletions would also have foiled the rampage.
“We would like to remind companies to ensure that log in [sic] details of former employees are no longer accessible once they have parted ways,” Murphy said, dispensing another piece of advice to organizations that aim to protect their data from disgruntled insiders.