The former systems administrator of an American department store has been arrested after allegedly hacking into his ex-employer’s private network to give his former colleagues paid holidays.
New Yorker Hector Navarro is accused of creating a “superuser” account that allowed him to access a computer system of Century 21 after he resigned from his position at the company.
Navarro worked as a human resources systems administrator at the Manhattan branch of the department store from 2012 to October 2019. Through his role, the defendant had access to the company’s data management and timekeeping system.
The 30-year-old is accused of accessing a network of his former employer from his Brooklyn apartment to tamper with data. It is further alleged that Navarro deleted data to prevent consultants hired to replace him from accessing Century 21’s computer network.
The Manhattan District Attorney’s Office stated: “Prior to his last day, he stole employee data from the company and created an unauthorized ‘superuser’ account on the company’s network—which allowed him access to the network after his resignation.”
The department store discovered the security breach after Navarro’s replacements were unable to get into the system. An investigation by the company determined that changes had been made to Century 21’s holiday payroll policy.
As a result of the changes, certain employees would have been paid for holidays even if they had not worked on those particular dates. Century 21 spent thousands of dollars to correct the changes and deletions allegedly made by Navarro.
“If left undetected, this former employee’s alleged tampering could have cost Century 21 more than $50,000,” said District Attorney Cy Vance.
“Unauthorized access to computer networks and the theft of valuable proprietary data are serious threats to the Manhattan business community.”
A New York Supreme Court indictment has charged Navarro with attempted grand larceny in the second degree, criminal mischief in the second degree, computer tampering in the third degree, computer trespass, petit larceny, and the criminal possession of stolen property.
Source: Infosecurity Magazine