A long time ago (over 20 years) I was working as a consultant and was called into a bank. They told me that they wanted me to sit in on a disciplinary meeting - they had uncovered evidence that their chief network engineer of 10 years was looking through personnel records. They wanted me to "back up" their evidence if their network engineer denied it.
I took a minute to think and told them that this wouldn't work. I told them that they had lost trust in their chief network engineer and that they had no choice but to replace him. Disciplining him and then putting him back on the network was just asking for trouble, I told them.
To their credit, they listened to me, and so instead of sitting in on a disciplinary meeting I assisted them in prepping to change all his passwords while he was in a dismissal meeting (to avoid just such a problem as we see in this article).
That's when the fun began. It turned out that he had set up a hot backup of all the primary systems. Over T1 lines. To his apartment. He had half a dozen primary backup servers in his apartment.
So that involved a lot of effort and negotiation but he cooperated and we pulled all those systems back and finally wrapped things up with him, or so I thought.
About six months later the bank calls me again - they think they have a hacker. The systems are suffering all these weird errors, especially mid-day. I'd seen behavior like this before and figured it was a problem in network communications. Finally I figured out the problem...
When we had dismissed the network engineer we had changed his passwords and done all that stuff. But what we HADN'T done was contact the ISP and take the engineer's name off the list of people authorized to make changes. And so six months after he was let go the network engineer had called up, voice, and asked the ISP engineers with whom he was familiar to have the bank's network bandwidth reduced to 56k. He didn't terminate it, that would have been noticed immediately. Instead, he reduced it to the minimum connection available while remaining in service.
The bank didn't take any action against him, but I added that note to my list of things to change when terminating trusted personnel.