Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.
What just happened? There's been another example of why disgruntled IT workers should think twice before sabotaging their current or former company's networks. A man in the UK has just been sentenced to seven months in prison for such an act, which included changing employee login credentials and multifactor authentication settings.
Police in West Yorkshire say (via The Reg) that Mohammed Umar Taj, 31, was suspended from his job in July 2022. But the company made the mistake of failing to block his network credentials straight away.
In what is said to be an act of revenge, Taj changed employee login credentials within hours of his suspension in an effort to disrupt the company's day-to-day activities. A day later, Taj changed more access credentials and altered the firm's MFA system, impacting clients in the UK, Germany, and Bahrain.
In what sounds like another poor decision on his part, Taj logged his daily activities and discussed the attack on phone recordings that were recovered by the local police's cyber team.
When your login and MFA don't work
It's estimated that Taj's actions caused the company £200,000 ($274,494) in lost business and reputational harm. At Leeds Crown Court last week, he pleaded guilty to one count of committing unauthorized acts with intent to impair the operation of or to hinder access to a computer. He was sentenced to seven months and 14 days in prison.
"Protecting your network prevents data loss and costly cyberattacks. It also maintains trust with clients and stakeholders," said Detective Sergeant Lindsey Brants of West Yorkshire Police's Cyber Crime Team. "We urge all businesses to look at their network security."
This is just the latest of many instances in which disgruntled IT workers have taken revenge on a company. One of the most recent was reported in March. It involved a developer who installed malware onto his employer's systems that would activate if he were ever fired. Upon being terminated in 2019, his code created infinite loops, deleted coworker profile files, and locked out all users. He faces up to 10 years in prison for his actions.
There was also the case of the former National Computer Systems (NCS) employee who was sentenced to nearly three years in prison in 2024 for deleting 180 test servers after being fired, costing the company almost $680,000.
English (US) ·