Portuguese 
English 
Spanish 
3 min of reading 
34 comments 
A Company Neglected The Revocation Of IT Access After Firing An Employee, Resulting In A Major Financial Loss.
A technology company in Singapore faced enormous losses after failing in a critical aspect of IT security – the revocation of access from a terminated employee.
The incident resulted in the loss of nearly R$ 4 million in virtual servers of the company.
The Carelessness That Cost Dearly
In October 2022, NCS fired software engineer Kandula Nagaraju due to unsatisfactory performance.
-
A study proposes transforming the Moon into a kind of quarantine center for samples brought from Mars and other worlds, creating a sterile and isolated barrier that would filter any unknown organisms before the material reaches Earth and its ecosystems.
-
Wax notebook falls into latrine 800 years ago, survives intact in Germany and reveals Latin notes that may expose the routine of a high-status medieval merchant.
-
After more than 11 years orbiting Mars, NASA declared the MAVEN probe lost, which disappeared after passing behind the Red Planet in December, began to spin abnormally, depleted its batteries, and never responded to controllers on Earth again.
-
China creates a capsule with artificial intelligence that scans the stomach in just 8 minutes and can reduce costs by up to R$ 1,400, paving the way for a new era of gastrointestinal diagnostics without tubes, sedation, and discomfort for patients.
However, what should have been a routine termination turned into a corporate nightmare.
NCS did not immediately revoke Nagaraju’s IT access, allowing him, driven by resentment, to use his credentials to cause irreparable damage to the company’s systems.
In the following months, the former employee accessed NCS’s virtual servers and, using scripts found online, deleted 180 servers essential for software testing operations.
Although the servers did not store sensitive data, their destruction caused a halt in the company’s internal processes, resulting in losses of nearly R$ 4 million.
A Planned Retaliation Against The Company’s IT System
After his dismissal, Nagaraju returned to India but kept his access credentials active. In January 2023, he made six unauthorized accesses to NCS’s systems using his personal laptop.
Upon returning to Singapore, where he started a new job, he continued exploring vulnerabilities of his previous employer.
Staying at a former colleague’s house, he used the shared Wi-Fi network to mask his illicit activities.
For three months, Nagaraju devised a meticulous retaliation plan. Using scripts obtained online, he developed a program that systematically deleted the company’s virtual servers.
When executed, the code resulted in the complete loss of testing systems, forcing NCS to allocate resources for recovery.
The Legal and Business Consequences
An internal investigation revealed the source of the unauthorized access and led to the identification of Nagaraju as the author of the attacks.
The Singapore police located the code responsible for the destruction on his laptop, resulting in his arrest and subsequent conviction.
The Singapore court sentenced Nagaraju to two years and eight months in prison for unauthorized access and intentional damage.
The case served as a warning about the severity of digital retaliation in an increasingly reliance on secure IT infrastructure.
For NCS, the losses were far more than financial. The incident exposed critical failures in the company’s security protocols and tarnished its reputation in the technology sector.
Clients and partners questioned the company’s ability to protect its digital assets, demanding swift measures to prevent future occurrences.
Lessons Learned and Preventive Measures
This incident reinforced a fundamental principle that many companies neglect: revoke access immediately upon an employee’s termination.
NCS’s mistake highlighted how the lack of a rigorous offboarding process can lead to catastrophic operational and financial damages.
To avoid similar situations, security experts recommend the following preventive measures:
- Immediate Revocation Of Access: As soon as an employee is terminated, all access credentials should be disabled.
- Continuous Monitoring: Periodic audits can identify attempts of unauthorized access and prevent incidents.
- Multi-Factor Authentication: The use of two-step authentication makes unauthorized access difficult even with compromised credentials.
- Clear IT Policies: Well-defined rules on information security should be implemented for all employees.
Bem feito.. eu faria o mesmo ou até pior . devem ter sacaneado muito o cara .metas e cobrança absurdas com chefes puxa saco e incapacitados
O cara poderia ter tomado outro rumo sem optar pela vingança,ele se queimou nessa área!!
Muito ****