Woman who deliberately deleted firm’s Dropbox is sentenced

Woman who deliberately deleted firm's Dropbox is sentenced

58-year-old Danielle Bulley may not look like your typical cybercriminal, but the act of revenge she committed against a company had just as much impact as a conventional hacker breaking into a business’s servers and causing havoc.

As North Yorkshire police report, Bulley has been successfully prosecuted under the UK’s Computer Misuse Act after deleting thousands of important files from a company that went on to collapse.

Once upon a time, Bulley was a director of a business called Property Press that produced a weekly property newspaper focused on south east Devon.

At some point things turned sour, and Bulley resigned her position at the firm in 2018 before the company went into liquidation. However, fellow director Alan Marriott started a new business venture – without Bulley’s involvement – using the assets of the old firm.

Things clearly didn’t sit well with Bulley after her departure from the business, and several months after her resignation she managed to gain unauthorised access to the new company’s Dropbox account.

More than 5,000 documents were permanently erased, and the company claimed that the damage to business was so great that it could no longer operate, with people losing their jobs and a loss of almost £100,000.

Unable to continue to operate, the business was forced to close down.

When specialist police from North Yorkshire Police’s Cyber Crime Unit investigated, they discovered that the Dropbox account had been remotely accessed from an IP address associated with Danielle Bulley.

Under questioning, Bulley admitted that she had deleted the files, claiming that she believed she was entitled to do so, but knowing that it would cause chaos the business.

Detective Constable Steven Harris of the Cyber Crime Unit warned other companies of the threat which can be posed by former employees:

“Bulley’s actions had dire consequences for people’s livelihood. During our investigation, it became clear that Bulley had left the original company on a bad note, but the deletion of thousands of files containing vital information was catastrophic for the victim. It dealt the new business a blow from which it never recovered.”

“Ex-employees can pose a serious risk to a business because they are familiar with the company’s IT infrastructure and procedures. This can make it easier for them to carry out cyber crimes against their former organisation.”

Sentencing Bulley to an 18-month community order with 80 hours’ unpaid work, Judge Simon Hickey said: “It was done in revenge. She was a respectable woman, but had lost her good character.”

If someone is leaving your company, especially if they are quitting your firm under something of a cloud, you would be wise to check that they don’t know your business’s passwords or have retained access to sensitive information.

Passwords should be changed, and additional authentication methods should be in place to prevent unauthorised access. Dropbox, for instance, provides a two-step verification feature which all users would be wise to enable.

And if you believe you have been wronged by a former employer do not make the mistake of thinking your anger should be directed towards them through some criminal action. You may feel that you have not been fairly treated, but you will feel much worse if you end up with a criminal conviction.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: