Slightly off-topic because no PII seems to have been involved, but suppose he had decided to capture transactions instead of just crashing the system?
A 21-year-old Blaine man pleaded guilty yesterday in federal court in connection with sabotaging his former employer’s computer system after being terminated.
David Ernest Everett Jr. pleaded guilty to one count of intentional damage to a protected computer. Everett, who was charged on Dec. 1, 2008, entered his plea Jan. 12 in Minneapolis before United States District Court Judge Joan Ericksen.
According to Everett’s plea agreement, he was employed from July 2007 through March 18, 2008, by the Wand Corp. as a help-desk employee. Wand Corp. provides Point of Sale servers for a number of retail companies, including several fast-food restaurants. The servers are used to conduct cash register transactions, and are located within the restaurants. However, each server can be remotely administered by Wand using an Internet-based program.
Everett’s employment with Wand was terminated on March 18 and he was upset by the termination. On April 9, Everett admitted that he launched a malicious software attack on Wand client servers located in approximately 3,000 restaurants. Everett also admitted that he created three malicious files to perform the attack, which was designed to crash the client servers.
Everett launched the attack from his home computer, and was able to install the files on approximately 1,000 client servers.
In the early morning hours of April 10, the servers housed at Wand client facilities throughout the U.S. began to crash immediately after being turned on, and the systems stopped performing expected functions and stopped responding to commands. The server and its systems were completely non-operational.
Wand began an investigation, located the malicious files and was able to restore service to the client servers. The cost to Wand to investigate and rectify the damage caused by the installation of the malicious files was $48,770.
Source – U.S. DOJ