Company Loses €630,000 in Virtual Servers After Failing to Revoke Access from Fired Employee

A recent case in Singapore serves as a stark reminder of the risks associated with neglecting IT access management during employee terminations. When a technology services company, NCS, let go of an engineer for poor performance, they failed to revoke his system access—a mistake that would cost them dearly.

The former employee, Kandula Nagaraju, 39, felt unfairly dismissed and took matters into his own hands. Using his still-active credentials, he gained unauthorized access to the company’s systems, wreaking havoc on their infrastructure. The damage? The deletion of 180 virtual servers, resulting in losses of over €630,000.

Virtual Servers as the Heart of Operations

NCS specializes in IT and communication services, and these virtual servers were crucial for their software testing operations. Acting as a “sandbox” environment, they allowed the company to develop and validate software before release. Although these servers didn’t house sensitive customer data, their destruction disrupted ongoing projects and caused significant financial and operational setbacks.

Nagaraju, a former member of the quality control team, had been responsible for managing these servers. His dismissal in October 2022 left him feeling undervalued, despite his perceived contributions to the company. The oversight in not revoking his access paved the way for a calculated act of sabotage.

A Deliberate Act of Revenge

After being fired, Nagaraju returned to India but retained his system credentials. In January 2023, he accessed NCS’s servers six times from his personal laptop, deleting crucial infrastructure. He later returned to Singapore for a new job but continued his activities. Exploiting his living arrangement with a former colleague, he used the shared Wi-Fi network to mask his actions.

Over the next few months, Nagaraju developed a program to target and erase NCS’s servers. Using fragments of scripts sourced online, he methodically executed his plan, culminating in the deletion of all 180 servers. His actions were deliberate and carefully timed, underscoring the potential consequences of poor cybersecurity protocols.

Tracing the Damage

When unauthorized access was detected, NCS launched an internal investigation that led to Nagaraju. Traces of the program used to delete the servers were found on his personal laptop, along with IP addresses linking him to the activity. NCS pursued legal action, filing a claim for over 678,000 USD in damages.

Singapore’s legal system took the case seriously. Nagaraju was convicted of unauthorized access and destruction of corporate systems, resulting in a prison sentence of two years and eight months. His case serves as a cautionary tale about the risks companies face when they fail to secure their IT assets during offboarding.

Lessons for Businesses

This incident underscores the critical importance of IT security protocols during employee departures. Ensuring that access rights are revoked immediately upon termination should be standard practice for any organization. The failure to do so not only leaves systems vulnerable but can also lead to financial losses, reputational damage, and legal complications.

In NCS’s case, the financial hit was severe, but the reputational harm may linger longer. The story has become a wake-up call for businesses worldwide, highlighting the need for stringent cybersecurity measures and robust offboarding processes.

For organizations, the lesson is clear: protecting IT systems from internal threats is as vital as safeguarding against external attacks. After all, the most dangerous breaches can come from those who once had trusted access.