The woman, Medghyne Calonge, was found guilty of intentionally causing damage to a protected computer and recklessly causing damage. The United States Attorney for the Southern District of New York, announced the guilty verdict earlier this month.
Calonge began to act out after she was terminated by a Manhattan-based online provider of professional services, where she was serving as the head of human resources in the company's St. Petersburg, Florida, office. Authorities didn't specify the company.
On June 28, 2019, Calonge was fired for "failing to meet the minimum requirements of her job after, among other things, she improperly downgraded a colleague’s access to a computer system following an argument with the colleague," the U.S. Attorney’s Office said.
Before being escorted from the building, Calonge was seen by two company employees "repeatedly hitting the delete key on her desktop computer."
Later, Calonge logged into the company’s computer system that was used to manage applications for employment at the company.
Over the next two days, she "rampaged through [the system] deleting over 17,000 job applications and resumes, and leaving messages with profanities inside the system," according to the U.S. Attorney’s Office.
Ultimately, she destroyed all of the company’s data in that computer system, forcing the company to spend over $100,000 to rebuild the system.
The case is being handled by the U.S. Attorney's Complex Frauds and Cybercrime Unit. Sentencing for the crimes will come later.
Fired employees vent anger on employer’s computers
Earlier this year, a federal grand jury in Cleveland returned an indictment against software developer Davis Lu, accused of executing malicious code on his employer's computer servers.
On August 4, 2019, the company’s servers "experienced a disruption that crashed production servers and prevented employees from accessing those servers," the U.S. Attorney’s Office Northern District of Ohio said in an April announcement.
The company investigated the source of the problem and discovered unauthorized code installed on a server, "causing that server to create an infinite loop and crash," according to the indictment.
It was also alleged that the company found code that deleted files associated with user profiles.
An indictment is only a charge and is not evidence of guilt, the U.S. Attorney’s Office said.
In another case, a man, who worked as an information technology administrator at a medical center, was fired. He then gained access to the employer’s network without authorization.
Then he proceeded to delete the medical center’s employee user accounts, disable computer accounts, and delete its file server, the U.S. Attorney’s Office District of Delaware said.
He was sentenced to six months of home confinement.