The California District Court has ordered a private security officer to pay $318,661 to his former employer as damages for hacking into the latter’s digital server.
The convicted employee hacked into his employer’s server in 2014 to manipulate his working hours and earn thousands in overtime wages.
Security Specialists, the former employer of the now-convicted Yovan Garcia, noticed certain manipulations in Mr Garcia’s pay records, which reflected that he worked over 12 hours in certain days when in fact he had worked only eight hours.
They noticed that by hacking into their server, he had earned himself thousands of dollars in overtime wages which he wasn’t entitled to. However, after they fired him, Garcia not only hacked their server again to steal valuable data, but also defaced the company’s website.
Security Specialists alleged in the court that Mr Garcia’s hacking had resulted in debilitating damage and that he had changed the website’s header into ‘Are You Ready’ with an ‘unflattering picture’ of a senior employee.
They further alleged that that Garcia stole e-mails and other information to ‘lure away’ employees to a rival company which he had set up after being sacked. All of these charges were accepted by the Court and it may also direct Mr Garcia to pay an amount equivalent to Security Specialists’ legal costs at a later date.
This case is a classic example of businesses around the globe being rendered vulnerable to unregulated insider attacks. A recent report released by security firm Bomgar revealed alarming levels of negligence and lack of adherence to cyber-security protocols by company employees both in the United States and in Europe. The report dealt with the level of administrative access which companies provide to their employees as well as to third party vendors, and how such access can put secure business data at risk. As of now, only 37% of businesses have complete visibility into which employees have privileged access.
“It only takes one employee to leave an organization vulnerable. With the continuation of high-profile data breaches, many of which were caused by compromised privileged access and credentials, it’s crucial that organizations control, manage, and monitor privileged access to their networks to mitigate that risk,” said Matt Dircks, CEO at Bomgar.