More Tags

Subscribe to Email Updates

Popular Stories

MAP Network Exchange Launches in partnership with PULSE
What Consumers Should Know About the Credit Card Competition Act
Using AI to Detect Fraudulent Transactions could be Powerful
FedNow: Changing the Game for Real-Time Payments
First-Party Fraud - The Not So Friendly Fraud Reality
Written by Cyndie Martini
on September 28, 2021

The story of a fired employee deleting 21.3 gigabytes of data from an NYC credit union is a common tale of weak security. 2020 will go on record for the sheer number of ransomware attacks against US businesses and government entities such as police stations. Many of those attacks were able to succeed because of weak security systems.

However, external attacks aren't the only source that credit unions need to be aware of. Employees have access to sensitive data, which makes them a security vulnerability. We've seen this vulnerability play out many times through weak passwords, clicking links within an email from an untrusted source, sharing passwords, and other weak security practices.

The NYC credit union attack took place at the end of May 2021. The former employee, Juliana Barile, 35, of Brooklyn, was able to log into the credit union's system two days after being fired and delete 21.3 gigabytes of data from the credit union's server. You might ask how that is possible since employee access is disabled once an employee is fired. That's a great question.

It goes back to the weakest link in a security system, often being the human link. At this particular credit union, which is unnamed in court documents, its IT department did not disable the employee's access, even though management sent a request to disable it. This failure allowed Barile to delete more than 20,000 files and almost 3,500 directories worth of data.

So far, the credit union has spent $10,000 to remediate the IT issues. However, that tab is likely to climb by quite a bit more. The credit union did have some backups of the destroyed data. The deleted data consisted mostly of mortgage applications. Barile also deleted the credit union's ransomware protection software.

Barile pled guilty to charges in court and is expected to face six to 12 months in prison.


Let Us Know What You Thought about this Post.

Put your Comment Below.

You may also like:


Tips For Preventing Ransomeware

Once you've been the victim of a ransomware attack, it's already too late. The only practical solution is to pay up. Eve...


The Increase In Ransomware Attacks Have Exploded

Ransomeware has been on the rise, with spectacular growth from 2018 to 2020. Its spread has been helped by the availabil...


Ransomeware 2.0

In early February 2019, the Credit Union National Association's (CUNA) website was knocked offline due to a ransomware a...