BEST OF THE WEB

Home Depot’s security architect had a temper over earlier dismissal

I like to think that people should be treated honourably when management decides that an employee has to go.

But the fact is that a number of staffers do get angry and try to take their rage out on the employer’s IT systems, which is why when the pink slips are handed out staff it’s standard practice to not let them into the office to clean out their desks for a day or two to let them cool off. It’s so easy with a few keystrokes to wreak havoc.

The latest proof is a report that the former IT security architect of recently-breached Home Depot, Rickey Joe Mitchell wreaked some havoc on his employer at the time, an energy company, who he’d learned was about to fire him.

Quoting a U.S. justice department press release after he was convicted earlier this year of sabotaging the energy company, Mitchell entered the office after business hours, disconnected critical pieces of network equipment, and disabled the equipment’s cooling system. As a result of his actions, the company permanently lost some of its data and spent hundreds of thousands of dollars repairing equipment and recovering historical data. It took a month to bring the company’s office back online, costing the company as much as $1 million in lost business.

About a month after this happened in 2012, Mitchell was hired by Home Depot.

This has come out as people begin to look into the Home Depot breach in Canada and the U.S., with the exposure of an estimated 52 million credit card transactions, and why it happened. Whether the company’s IT systems were properly prepared and Mitchell’s efforts in overseeing security are among the questions that need to be answered. It may come out publicly.

The company’s version is that the BlackPOS  malware that apparently infected self-service checkout machines hadn’t been seen before and would unlikely have been spotted by most IT security systems. On the other hand, there are reports that the company didn’t do regular network scans that might have spotted data departing from POS machines, One report is that when staff asked for additional security training and equipment, unnamed managers refused. “We sell hammers,” they allegedly explained.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web