[BreachExchange] The password blunder which let sacked worker hack into her former employer's computer system

Destry Winant destry at riskbasedsecurity.com
Tue Jul 16 10:00:42 EDT 2019


https://www.gazettelive.co.uk/news/teesside-news/password-blunder-sacked-worker-hack-16586213

A sacked worker hacked into her ex-employer’s computer system after
the firm failed to change IT access and password following her
departure.

The 26-year-old woman, from Whitby, was arrested after gaining
unauthorised access to the company’s system and deleting data.

North Yorkshire Police said the woman had previously worked for the
firm and had been sacked for unsatisfactory performance.

But she managed to gain access after the company failed to change
passwords following her departure.

She has now been cautioned after admitting unauthorised acts with
intent to impair operation of, or prevent or hinder access to a
computer.

The force has now urged companies to protect their businesses against
security threats.

North Yorkshire Police’s cyber crime investigator Andrew Rawlings
said: “Unfortunately, when the employee in this case was dismissed the
business did not review their permissions and access privileges or
implement password changes.

“It was this oversight which allowed the offender to easily regain
access to the administration side of the business computer systems.

“North Yorkshire Police’s Cyber Crime Unit strongly encourage all
businesses to have a policy in place which should be implemented
not only when an employee leaves the company but also when they change
roles within the company.

“The policy should include reviewing what access privileges each
employee requires in order to fulfil their role and any they do not
require should be blocked.

“It should also include the suspension of the employee account when
they leave the company.”

