I just read this press release from the FBI.
ST. LOUIS—The United States Attorney’s Office announced today that a former employee of a local shipping company has pleaded guilty to damaging their computer systems.
According to court documents, Jason Schrum was employed by Axis Worldwide Supply Chain & Logistics, Inc., a company that provides services related to international and interstate shipping and logistics, including shipping large materials used in construction projects. Schrum was a transportation manager for Axis and an administrator for their computer system until his termination over a dispute in April 2011. He then went to work for a competitor of Axis and had no reason to access their systems or any Axis computer after mid-May 2011. On June 12, 2011, in the late evening, without authorization, the Schrum accessed the Axis computer system and carried out numerous actions, including deleting customer shipment records, customer shipment history, and manipulated shipping rate tables. The company has estimated that the damage/cost was more than $25,000 to repair and correct. JASON SCHRUM, Desoto, Missouri, pled guilty to one felony count of computer fraud before United States District Judge Henry Autrey. Sentencing has been set for May 8, 2012.
This charge carries a maximum penalty of 10 years in prison and/or fines up to $250,000. In determining the actual sentences, a Judge is required to consider the U.S. Sentencing Guidelines, which provide recommended sentencing ranges.
This case was investigated by the Federal Bureau of Investigation. Assistant United States Attorney John Bodenhausen is handling the case for the U.S. Attorney’s Office.
When I see stories like this my questions are always:
What responsibilities do companies have when they let an employee go to make sure they no longer have access to their network?
Obviously what this guy did was bad but is there a legal liability for companies who have turn over in their IT shops to make sure their ex-employees cant access the network?