HR and Sysadmin
Someone in HR and a Sysadmin at Excl should have been sacked over allowing this to happen. There's no excuse for this and could well have cost the company lots of money.
The former president of transportation logistics firm Exel has been found guilty of hacking into the servers of his former employer to glean secrets for his new business. A federal jury found Michael Musacchio, 61, guilty of one felony count of conspiracy to make unauthorized access to a protected computer (hacking) and two …
It's not totally their fault. From another site:
"In an Oct. 14, 2005, e-mail that was turned over by the defendants, TTS founder Mike Musacchio asks Exel employee Joseph Roy Brown "... how are we going to get into email after you leave?" Mr. Brown, who left Exel to join TTS only days later as its Vice President - Information Technology, sent the reply "I have the back door password that only I know and no one else can change."
It doesn't sound like it was as simple as their accounts not being deactivated when they left.
Joiners, Movers and Leaver processes not effective. A manager could have triggered the process informing HR of the resignation or dismissal of the employee. HR will confirm and inform IT to disable or remove such accounts. Compliance thus require audit trail so disabling the account will be sufficient.
Oh hang on... there was a backdoor right? Is this through external email access or some kind of secured tunnel. Hmm, nothing new here..Oh well, erm, they the organisation may still be compliant with a number of regulations yet these sort of things still happens.
/me ducks again
Biting the hand that feeds IT © 1998–2021