Ex-director cops community service after 5,000-file deletion spree on company Dropbox

A woman who deleted 5,000 files from her former company's Dropbox has been punished with community service – even though the business allegedly collapsed after her file-shredding spree.

Danielle Bulley, 58, of Tockwith in North Yorkshire, England, scrubbed her former business associate's Dropbox account after a company she was involved with collapsed and was resurrected without her.

York Crown Court heard on Wednesday how Bulley had spent five hours "permanently deleting more than 5,000 employee and supplier files and company manuals when she got into Letterbox Productions Ltd's cloud-based Dropbox," as the York Press newspaper reported.

She was charged with computer misuse offences under section 3 of the CMA 90, prompting police to note: "This is an unusual case and a rare criminal charge – very few people are ever convicted using this law."

Bulley and her business partner fell out after their previous venture, Property Press (Holdings) Ltd, went into insolvency, the court was told.

Police alleged in a statement after the hearing that Bulley's actions had cost Letterbox Productions almost £100,000. Detectives from North Yorkshire's Cyber Crime Unit investigated and found that "someone using Bulley's internet address" had accessed the Dropbox account.

Detectives further alleged that during questioning Bulley had "admitted deleting the files, which she thought she was entitled to do but knew it would disrupt the new company." The victim told the court that his new company folded shortly after the attack.

"It was done in revenge," commented a merciful Judge Simon Hickey, who gave Bulley an 18-month community order along with 80 hours' unpaid work.

Police worker Steven Harris said in a canned statement: "Ex-employees can pose a serious risk to a business because they are familiar with the company's IT infrastructure and procedures. This can make it easier for them to carry out cyber crimes against their former organisation."

Bulley got off lightly. A similarly aggrieved ex-employee who exploited login credentials to target his former bosses received five months in prison late last year.

In 2019, 57 people were charged with Computer Misuse Act crimes, of which a dozen were female. One of those women received a prison sentence compared to 12 of the male criminals. It follows that the majority of Computer Misuse Act sentences are so-called out-of-court disposals, where community orders and other means are used to encourage offenders away from computer criminality. ®