An IT guy, who was tasked with locking out ex-employees from the company network, has been jailed after he logged in after being fired and wiped an office's computer storage drives.
Shannon Stafford, 50, was sent down for 12 months and a day by US federal district Judge Catherine Blake on Thursday. He will also have to pay his former bosses restitution totaling $193,258.10.
Following a four-day trial in Maryland, a jury in November found Stafford, of Crofton, Maryland, guilty [verdict, charges PDF] of intentional damage to a computer and attempted intentional damage to a computer.
Holy smokes! Ex-IT admin gets two years prison for trashing Army chaplains' serversREAD MORE
The case stems from the 2015 dismissal of Stafford at an unnamed business described by the Feds only as "a global company with thousands of employees and offices around the world." After a decade of working in tech support at the organization's Washington DC office, he was promoted in 2014 to an IT management role: specifically, technical site lead. By March 2015, though, he was demoted back to the helpdesk for poor performance, and eventually fired that August.
"As part of his duties, Stafford had access to the system login credentials of other employees and was authorized to use them in the course of performing his technical support duties," prosecutors noted.
"Stafford was also responsible for disabling company users’ network access credentials at the end of their employment."
On the day he was terminated, Stafford didn't return his work-issued MacBook Pro, went home, and that evening used the laptop and his home internet connection to repeatedly attempt to log into the company's network using his credentials and those of a former colleague. A couple of days later, in the early hours, he managed to get into his office PC remotely using the coworker's details. From there he was able to "delete all of the file storage drives used by the Washington office, then changed the password to access the storage management system," the Dept of Justice said.
The prosecutors went on:
The deletion of the files caused a severe disruption to the company’s operations and the loss of some customer and user data. Changing the password hindered the company’s efforts to determine what happened and restore access to its remaining files. As a result of the deletion of the network file storage drives, Washington users were unable to access their stored files for approximately three days, until the data could be restored from backups. Customer and user data that was not included in the most recent backup prior to Stafford’s deletion of the files was permanently lost.
Three days later, he tried again to log in using others' credentials and failed. A couple of days passed and the company warned Stafford to knock it off and leave the biz alone. He continued to try to log in, and at one point tried to get into the Baltimore office's network to also nuke its files. He was later nabbed by the Feds.
The one-year-and-a-day prison term marks a halfway point between the two years prosecutors had sought. Once his sentence is complete, Stafford will be subject to a further three years of supervised release, and is unlikely to be hired again as an IT worker. ®