1. Home
  2. / Science and Technology
  3. / Company fired an employee but did not revoke his IT access — Later, the former employee caused millions in losses
reading time 3 min read Comments 34 comments

Company fired an employee but did not revoke his IT access — Later, the former employee caused millions in losses

Published 23/01/2025 às 12:19
TI
Photo: Reproduction

A company neglected to revoke IT access after terminating an employee, resulting in significant financial loss.

A technology company in Singapore faced a huge loss after failing in a critical aspect of IT security – revoking access from a dismissed employee.

The incident resulted in the loss of almost R$4 million on virtual servers of company.

The carelessness that cost dearly

In October 2022, the company NCS fired the software engineer Kandula Nagaraju due to performance considered unsatisfactory.

However, what was supposed to be a routine shutdown turned into a corporate nightmare.

NCS failed to immediately revoke Nagaraju’s IT access, allowing him to use his credentials out of resentment to cause irreparable damage to the company’s systems.

Over the following months, the former employee accessed NCS's virtual servers and, using scripts found online, deleted 180 servers essential to software testing operations.

Although the servers did not store sensitive data, their destruction caused a halt in the company's internal processes, resulting in losses of almost R$4 million

A planned retaliation against the company's IT system

After his resignation, Nagaraju returned to India but kept his access credentials active. In January 2023, he made six unauthorized accesses to NCS systems using his personal laptop.

Upon returning to Singapore, where he started a new job, he continued to exploit vulnerabilities at his previous company.

Staying at a former colleague's house, he used the shared Wi-Fi network to mask his illicit activities.

Over the course of three months, Nagaraju worked out a detailed plan of retaliation. Using scripts obtained online, he developed a program that systematically deleted the company's virtual servers.

When executed, the code caused the complete loss of test systems, forcing NCS to dedicate resources to recovery.

The legal and business consequences

An internal investigation revealed the source of the unauthorized access and led to the identification of Nagaraju as the perpetrator of the attacks.

Singapore police located the code responsible for the destruction on his laptop, resulting in his arrest and subsequent conviction.

The Singapore court sentenced Nagaraju to two years and eight months in prison for unauthorized access and wilful damage.

The case served as a warning about the severity of digital retaliation in a world increasingly dependent on secure IT infrastructure.

For NCS, the losses were much more than financial. The incident exposed critical flaws in the company’s security protocols and tarnished its reputation in the technology industry.

Customers and partners questioned the company’s ability to protect their digital assets, demanding swift action to prevent future occurrences.

Lessons learned and preventive measures

This incident reinforced a fundamental principle that many companies neglect: revoking access immediately after an employee leaves.

NCS’s mistake highlighted how the lack of a rigorous offboarding process can lead to catastrophic operational and financial damage.

To avoid similar situations, security experts recommend the following preventive measures:

  • Immediate revocation of access: Once an employee is terminated, all access credentials must be deactivated.
  • Continuous monitoring: Periodic audits can identify unauthorized access attempts and prevent incidents.
  • Multi-factor authentication: Using two-step authentication makes unauthorized access difficult even with compromised credentials.
  • Clear IT policies: Well-defined rules on information security must be implemented for all employees.

  • Reaction
  • Reaction
  • Reaction
  • Reaction
  • Reaction
  • Reaction
85 people reacted to this.
React to article
Registration
Notify
guest
34 Comments
Older
Last Most voted
Feedbacks
View all comments
Renato Soares
Renato Soares
23/01/2025 18:35

Law of Physics, Where all empty space is occupied

Renato Soares
Renato Soares
23/01/2025 20:41

What a trip, I have the same name as the guy there, and on the same day we saw the same post

Renato Soares
Renato Soares
23/01/2025 21:21

Well done. At the very least, they gave the poor guy absurd goals to achieve, fired him claiming dissatisfaction and then complained about revenge.
Revenge is a dish that is eaten cold and with asparagus.

Tags
Fabio Lucas Carvalho

Journalist specializing in a wide range of topics, such as cars, technology, politics, shipbuilding, geopolitics, renewable energy and economics. I have been working since 2015 with prominent publications in major news portals. My degree in Information Technology Management from Faculdade de Petrolina (Facape) adds a unique technical perspective to my analyses and reports. With over 10 thousand articles published in renowned media outlets, I always seek to bring detailed information and relevant insights to the reader. For story suggestions or any questions, please contact me by email at flclucas@hotmail.com.

Share across apps
0
We would love your opinion on this subject, comment!x