After hacking into his former employer's network

Jul 8, 2010 07:15 GMT

A senior database administrator who hacked into the computer network of his former employer and damaged a customer database has been sentenced to one year in prison. He was also accused of downloading a file containing the personal identification information of 150,000 people.

Steven Jinwoo Kim, 40, was fired from his position as senior database administrator at GEXA Energy, a Houston retail electric utility provider, in February 2008. Two months later Kim managed to obtain access to his former employer's computer network, despite his credentials having been revoked at the time of his departure.

According to authorities, during this intrusion he intentionally caused damage to the GEXA Energy Management System (GEMS) database, which houses billing information, by sending malicious commands. He also downloaded a database table which contained identification information such as names, dates of birth, Social Security numbers, billing addresses and driver's license numbers for 150,000 of the company's customers.

Kim was arrested and subsequently indicted in June 2009 for intentionally damaging a protected computer system and aggravated identity theft. In November he pleaded guilty to one count of unauthorized access to a protected computer and recklessly causing damage.

The one-year prison sentence handed down to Kim on Tuesday also carries a three-year period of probation. The judge ordered him to pay $100,000 to GEXA as restitution for the damages incurred by the company.

Security experts warn that disgruntled ex-employees are a constant threat to businesses and recommend enforcing strong access control policies as well as revoking credentials immediately after a person is fired. The last such incident we covered involved a former Texas Auto Center worker, who hacked back into the company's system and remotely disabled over one hundred cars sold by the dealership.

One of the most high-profile cases involving disgruntled employees is that of former San Francisco network administrator Terry Childs, who locked everyone out of the city's multimillion-dollar network. He only released the password after San Francisco mayor Gavin Newsom visited him in his jail cell.

You can follow the editor on Twitter @lconstantin