In the world of business, there are many lessons to be learned the hard way—especially when it comes to handling sensitive company assets like IT access. A recent case out of Singapore has highlighted just how crucial it is to immediately revoke access when an employee is let go. What might have seemed like an oversight led to a devastating loss for one tech company.
Amazon co-founder MacKenzie Scott has donated over $19 billion to charity in just five years
Diamond batteries powered by nuclear waste promise 28,000 years of clean energy
In October 2022, NCS, a major IT services provider, made the decision to terminate one of its engineers, Kandula Nagaraju, due to poor performance. Nagaraju, a 39-year-old engineer, was convinced that his work had made a positive impact within the company, and the dismissal left him feeling slighted. What happened next might seem like a script from a corporate thriller: Nagaraju, in a fit of frustration and vengeance, accessed NCS’s servers and caused extensive damage.
A Vengeful Employee and the Far-Reaching Consequences
NCS failed to disable Nagaraju’s IT access after his departure, a serious mistake that would lead to financial fallout. With his still-active credentials, Nagaraju returned to the company’s systems and began deleting virtual servers—servers used to test software before it was released to the market. These servers didn’t contain sensitive data, but their destruction resulted in significant operational setbacks, costing NCS more than $678,000 (around €630,000) in damages.
At the time of his termination, Nagaraju was part of a team responsible for quality control in software systems. The team relied on these virtual servers, often referred to as “sandboxes”, to test new programs without the risk of affecting live services. The loss of these servers disrupted testing and delayed project timelines, severely impacting the company’s bottom line.
The situation escalated when Nagaraju returned to India after being fired. From there, he accessed NCS’s systems at least six times between January and February 2023. The company only realized the breach when it noticed unauthorized access to its network. But Nagaraju didn’t stop there. He used a combination of personal tools and online resources, like Google, to create a program that would delete the servers. His persistence paid off, and by the end of his campaign, all 180 servers were gone.
The Investigation and Legal Repercussions
NCS launched an investigation once it became aware of the suspicious activity. They traced the connections to Nagaraju’s personal laptop by tracking the IP addresses used during his unauthorized access. Upon further inspection, authorities found the malicious code responsible for deleting the servers.
The company filed a lawsuit against Nagaraju, claiming damages of 917,832 Singapore dollars (approximately $678,000 USD). Nagaraju’s actions had a clear legal and financial impact, but it was not just about the lost servers. The case underscored how failing to secure company systems after an employee departure can have serious consequences.
In a Singaporean court, Nagaraju was found guilty of unauthorized access to the company’s network and the destruction of the virtual servers. He was sentenced to two years and eight months in prison for his role in the incident. This case serves as a stark reminder of how a disgruntled employee with unrevoked access can cause massive damage, and it highlights the need for companies to adopt stricter IT security measures when terminating staff.
NASA warns China could slow Earth’s rotation with one simple move
This dog endured 27 hours of labor and gave birth to a record-breaking number of puppies
A Cautionary Tale for All Companies
This incident at NCS should serve as a warning to businesses everywhere about the importance of managing IT access after employee dismissals. Revoking user credentials immediately can prevent malicious actors from using their access to harm the company. The damage, both financial and reputational, can be substantial if access is not properly managed.
In NCS’s case, the failure to act quickly cost the company not only money but also its reputation. As more companies continue to rely on complex IT infrastructure and virtual servers, managing access effectively has never been more critical. A single lapse in security protocols can open the door for devastating consequences.