I like to think that people should be treated honourably when management decides that an employee has to go.
But the fact is that a number of staffers do get angry and try to take their rage out on the employer’s IT systems, which is why when the pink slips are handed out staff it’s standard practice to not let them into the office to clean out their desks for a day or two to let them cool off. It’s so easy with a few keystrokes to wreak havoc.
The latest proof is a report that the former IT security architect of recently-breached Home Depot, Rickey Joe Mitchell wreaked some havoc on his employer at the time, an energy company, who he’d learned was about to fire him.
Quoting a U.S. justice department press release after he was convicted earlier this year of sabotaging the energy company, Mitchell entered the office after business hours, disconnected critical pieces of network equipment, and disabled the equipment’s cooling system. As a result of his actions, the company permanently lost some of its data and spent hundreds of thousands of dollars repairing equipment and recovering historical data. It took a month to bring the company’s office back online, costing the company as much as $1 million in lost business.
About a month after this happened in 2012, Mitchell was hired by Home Depot.
This has come out as people begin to look into the Home Depot breach in Canada and the U.S., with the exposure of an estimated 52 million credit card transactions, and why it happened. Whether the company’s IT systems were properly prepared and Mitchell’s efforts in overseeing security are among the questions that need to be answered. It may come out publicly.
The company’s version is that the BlackPOS malware that apparently infected self-service checkout machines hadn’t been seen before and would unlikely have been spotted by most IT security systems. On the other hand, there are reports that the company didn’t do regular network scans that might have spotted data departing from POS machines, One report is that when staff asked for additional security training and equipment, unnamed managers refused. “We sell hammers,” they allegedly explained.