The West Yorkshire Police provide today’s reminder of the insider threat and the need to terminate access and credentials before you terminate an employee’s employment:
A disgruntled IT worker who launched a cyber attack on his employer after he was suspended from work has been jailed.
Mohammed Umar Taj began to take revenge on his Huddersfield-based employer within hours of being suspended from work in July 2022.
He caused significant disruption to the company causing them to lose at least £200,000 in lost business as well as reputational harm.
Taj gained access to the company’s premises and unlawfully accessed computer systems to deliberately alter login credentials to disrupt the company’s day to day activities.
A day later, Taj changed access credentials and the company’s multi-factor authentication so that he could adversely impact the activities of the firm’s clients both in the UK and overseas in Germany and Bahrain.
He kept recordings of his activities and discussed the attack on phone recordings recovered forensically by investigators from West Yorkshire Police’s cyber team.
Appearing before Leeds Crown Court for sentencing yesterday (26/6), Taj, aged 31, of Hyrst Garth, Batley, who had admitted a charge of committing unauthorised acts with intent to impair the operation of or hindering access to a computer at a previous hearing, was sentenced to seven months and 14 days custody.
Detective Sergeant Lindsey Brants of West Yorkshire Police’s Cyber Crime Team said: “Taj set out to get revenge on his employer following his suspension from work. He did so by targeting their IT system, which he had privileged access to.
“By doing this he created a ripple effect of disruption far beyond the shores of the UK.
“Protecting your network prevents data loss and costly cyber attacks. It also maintains trust with clients and stakeholders. We urge all businesses to look at their network security.”
Did the unnamed employer not disable his credentials and change passwords before they suspended him? How was he gaining access after suspension?
A search for records on “Mohammed Umar Taj ” reveals that he incorporated what appears to be his own business called TJ Performance Ltd, with himself as Director, in August 2024.