October 21 – Manhattan District Attorney Cy Vance, Jr., today announced the indictment of HECTOR NAVARRO, 30, a former Human Resources systems administrator at Century 21’s Manhattan department store, for breaching the company’s network to steal and alter data. NAVARRO is charged in a New York Supreme Court indictment with Attempted Grand Larceny in the Second Degree, Computer Tampering in the Third Degree, Computer Trespass, and Petit Larceny, among other charges. [1]
“If left undetected, this former employee’s alleged tampering could have cost Century 21 more than $50,000,” said District Attorney Vance. “Unauthorized access to computer networks and the theft of valuable proprietary data are serious threats to the Manhattan business community. I thank my Office’s Cybercrime and Identity Theft Bureau and our partners at the New York City Police Department for their thorough investigation. I urge anyone whose business has been affected by hacking or digital theft to reach out to my Office’s Cybercrime Hotline at 212-335-9600.”
According to the indictment and statements made on the record in court, beginning in 2012, NAVARRO worked as a systems administrator and manager in Century 21’s Human Resources Systems and Administration, where he had access to the company’s data management and timekeeping system. In October 2019, NAVARRO resigned from the company. Prior to his last day, he stole employee data from the company and created an unauthorized “superuser” account on the company’s network – which allowed him access to the network after his resignation.
After leaving the company, NAVARRO accessed the “superuser” account from his apartment in Brooklyn and tampered with other user accounts, including deleting data related to consultants hired to replace him so that they could not access Century 21’s networks. NAVARRO also made changes to the company’s holiday payroll policy, which, if undiscovered, would have paid certain employees for holidays whether they worked on those dates or not. When the consultants hired to replace NAVARRO were unable to access the network, Century 21 discovered the breach and spent thousands of dollars to correct the changes and deletions.
Assistant D.A. Francesca Rios is handling the prosecution of the case under the supervision of Assistant D.A.s, Robert Shull, Deputy Chiefs of the Cybercrime and Identity Theft Bureau, and Elizabeth Roper, Chief of the Cybercrime and Identity Theft Bureau, as well as Executive Assistant D.A. Christopher Conroy, Chief of the Investigation Division. Investigative Analyst Jessica Alhanouch assisted in the investigation.
District Attorney Vance thanked NYPD Detective Edward Libassi for his assistance with the investigation.
Source: Manhattan District Attorney Vance.