Charles Rusnel and Jennie Russell report on a massive insider breach affecting NorQuest College executives and employees. The breach seems to have occurred in 2012, but is first coming to light.
At the heart of the breach is Clarence Orleski, the college’s former manager of technology infrastructure. The scope of what he is alleged to have done is extensive, even though his motivation in allegedly harassing one individual is not totally clear:
An affidavit sworn by a senior NorQuest executive in its lawsuit against Orleski said “the amount of information belonging to NorQuest found on the hard drive of Orleski is overwhelming, including 2.4 gigabytes of information and 45,920 files just within the (“NorQuest College”) folder from Orleski’s main computer.”
[…]
“A vast quantity of confidential NorQuest information was found on the hard drive of Orleski’s home computer including the salary of every single employee, the employment contract of the CEO of NorQuest, private emails to the president’s confidential email account, notes by the CEO about terminations, disciplinary action, confidential notes from the president to the board chair as well as confidential notes between the president of NorQuest and outside legal counsel,” the affidavit states.
There were also files containing information about NorQuest’s budget and planning, performance reviews for many senior college personnel, copies of disciplinary letters to employees, transcribed interview notes from internal investigations – even emails between employees and their spouses discussing personal finances.
Read more on CBC. Yes, a disgruntled IT manager is a serious security risk.