A company neglected to revoke IT access after terminating an employee, resulting in significant financial loss.
A technology company in Singapore faced a huge loss after failing in a critical aspect of IT security – revoking access from a dismissed employee.
The incident resulted in the loss of almost R$4 million on virtual servers of company.
The carelessness that cost dearly
In October 2022, the company NCS fired the software engineer Kandula Nagaraju due to performance considered unsatisfactory.
- New cell phone brand arrives in Brazil with innovative silicon-carbon battery, capable of lasting up to three days on a single charge
- Mark Zuckerberg bets $65 billion on revolutionary new project after metaverse failure! Bold strategy could redefine the future of technology and digital business
- New Russian plasma engine could take spacecraft to Mars in 30 to 60 days
- This is how the Elevator works
However, what was supposed to be a routine shutdown turned into a corporate nightmare.
NCS failed to immediately revoke Nagaraju’s IT access, allowing him to use his credentials out of resentment to cause irreparable damage to the company’s systems.
Over the following months, the former employee accessed NCS's virtual servers and, using scripts found online, deleted 180 servers essential to software testing operations.
Although the servers did not store sensitive data, their destruction caused a halt in the company's internal processes, resulting in losses of almost R$4 million
A planned retaliation against the company's IT system
After his resignation, Nagaraju returned to India but kept his access credentials active. In January 2023, he made six unauthorized accesses to NCS systems using his personal laptop.
Upon returning to Singapore, where he started a new job, he continued to exploit vulnerabilities at his previous company.
Staying at a former colleague's house, he used the shared Wi-Fi network to mask his illicit activities.
Over the course of three months, Nagaraju worked out a detailed plan of retaliation. Using scripts obtained online, he developed a program that systematically deleted the company's virtual servers.
When executed, the code caused the complete loss of test systems, forcing NCS to dedicate resources to recovery.
The legal and business consequences
An internal investigation revealed the source of the unauthorized access and led to the identification of Nagaraju as the perpetrator of the attacks.
Singapore police located the code responsible for the destruction on his laptop, resulting in his arrest and subsequent conviction.
The Singapore court sentenced Nagaraju to two years and eight months in prison for unauthorized access and wilful damage.
The case served as a warning about the severity of digital retaliation in a world increasingly dependent on secure IT infrastructure.
For NCS, the losses were much more than financial. The incident exposed critical flaws in the company’s security protocols and tarnished its reputation in the technology industry.
Customers and partners questioned the company’s ability to protect their digital assets, demanding swift action to prevent future occurrences.
Lessons learned and preventive measures
This incident reinforced a fundamental principle that many companies neglect: revoking access immediately after an employee leaves.
NCS’s mistake highlighted how the lack of a rigorous offboarding process can lead to catastrophic operational and financial damage.
To avoid similar situations, security experts recommend the following preventive measures:
- Immediate revocation of access: Once an employee is terminated, all access credentials must be deactivated.
- Continuous monitoring: Periodic audits can identify unauthorized access attempts and prevent incidents.
- Multi-factor authentication: Using two-step authentication makes unauthorized access difficult even with compromised credentials.
- Clear IT policies: Well-defined rules on information security must be implemented for all employees.
Law of Physics, Where all empty space is occupied
What a trip, I have the same name as the guy there, and on the same day we saw the same post
Well done. At the very least, they gave the poor guy absurd goals to achieve, fired him claiming dissatisfaction and then complained about revenge.
Revenge is a dish that is eaten cold and with asparagus.