Here’s today’s reminder why you need to be sure to terminate access when you fire someone. How did she still have access two days later? It will be interesting to see what her sentence is and how much restitution she will have to pay.
Audrey Strauss, the United States Attorney for the Southern District of New York, announced that a jury returned a guilty verdict today against MEDGHYNE CALONGE, on one count of intentionally causing damage to a protected computer, and one count of accessing a protected computer and recklessly causing damage. Both counts relate to CALONGE’s deletion of tens of thousands of human resources records of her former employer (“Employer-1”). U.S. District Judge Gregory H. Woods presided over the six-day trial.
U.S. Attorney Audrey Strauss said: “As a unanimous jury found today, Medghyne Calonge intentionally and maliciously caused severe damage to the computers of her former employer. Her actions wiped out information vitally important to the employer company, and cost the company money and time to repair. Now Calonge awaits sentencing for her crimes.”
According to the Indictment and the evidence at trial:
In January 2019, CALONGE was hired by Employer-1, a Manhattan-based online provider of professional services, to serve as the head of human resources in their St. Petersburg, Florida, office. On June 28, 2019, CALONGE was terminated for failing to meet the minimum requirements of her job after, among other things, she improperly downgraded a colleague’s access to a computer system following an argument with the colleague.
While she was being terminated, and just before she was escorted from the building, CALONGE was observed by two employees of Employee-1 repeatedly hitting the delete key on her desktop computer. Several hours later, CALONGE logged into a system (“System-1”) used by Employer‑1 to receive and manage applications for employment with the company, which the company had invested two years and over $100,000 to build. During the next two days, CALONGE rampaged through System-1, deleting over 17,000 job applications and resumes, and leaving messages with profanities inside the system. Ultimately, CALONGE completely destroyed all of Employer-1’s data in System-1. Employer-1 subsequently spent over $100,000 to investigate and respond to the incident and to rebuild System-1. To this day, Employer-1 has been unable to recover all of its data.
* * *
CALONGE, 41, of Tampa, Florida, was convicted of one count of intentionally damaging computers, which carries a maximum prison term of 10 years, and one count of recklessly damaging computers, which carries a maximum prison term of five years.
The statutory maximum penalties are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant would be determined by the judge.
Ms. Strauss praised the outstanding work of the Federal Bureau of Investigation.
The case is being handled by the Office’s Complex Frauds and Cybercrime Unit. Assistant United States Attorneys Timothy V. Capozzi and Louis A. Pellegrino are in charge of the prosecution.