The "insider threat" is a favorite term of vendors pushing access monitoring solutions, but research has shown malicious insider breaches are not the most common ways for data to leak out of your organization.
Still, when they happen, the results can be serious, both for the business and the person who gets caught. A former senior database administrator for GEXA Energy in Houston found that out the hard way today when he was sentenced to 12 months in prison for hacking into his former employer's computer network.
Steven Jinwoo Kim, 40, of Houston pleaded guilty on Nov. 16, 2009, to one count of intentionally accessing a protected computer without authorization and recklessly causing damage. In addition to a year in prison, he was also ordered to pay $100,000 in restitution to GEXA Energy and to serve three years of supervised release when his prison term is completed.
According to court documents, GEXA Energy fired Kim Feb. 5, 2008, from his job as DBA and revoked all his administrative rights and access to the company's computer network. As part of his guilty plea, Kim admitted that in the early hours of April 30, 2008, he used his home computer to connect to the company's network and a database that contained information on some 150,000 customers.
Once connected to the network, Kim wreaked havoc by inputting various Oracle database commands, and also copied and saved to his home computer a database file containing personal information on GEXA Energy customers, including names, billing addresses, social security numbers, dates of birth and drivers license numbers.
All totaled, Kim's actions caused a $100,000 loss to GEXA Energy, according to court documents.