Employee deletes company files as revenge
 

Smart company, having $2.5 million worth of files and no backups.



Angry Employee Deletes All of Company's Data

Thursday , January 24, 2008


Call it a tale of revenge gone wrong.

When Marie Lupe Cooley, 41, of Jacksonville, Fla., saw a help-wanted ad in the newspaper for a position that looked suspiciously like her current job — and with her boss's phone number listed — she assumed she was about to be fired.

So, police say, she went to the architectural office where she works late Sunday night and erased 7 years' worth of drawings and blueprints, estimated to be worth $2.5 million.

"She decided to mess up everything for everybody," Jacksonville Sheriff's Office spokesman Ken Jefferson told reporters. "She just sabotaged the entire business, thinking she was going to get axed."

It didn't take Steven Hutchins, owner of the architectural firm that bears his name, much time to figure out who'd done it — Cooley was the only other person who had full access to the files.

Police arrested Cooley Monday evening and charged her with causing greater than $1,000 damage to computer files, a felony. She was bailed out the following afternoon.

Hutchins told one TV station he'd managed to recover all the files using an expensive data-recovery service.

As for the job, Cooley originally wasn't in danger of losing it. The ad was for Hutchins' wife's company.

The firm told FOXNews.com that Cooley no longer is employed there.

Wow, that REALLY sucks. Keep backups... that's what I learned from my experience with hosting companies :-X

I love that she wasn't even going to lose her job -- not only was this monumentally stupid, but it was also misguided and incredibly malicious! It's like her boss hit the trifecta in a "quality" employee!

You get what you pay for, and judging by what Florida companies pay, there are sure to be plenty of other "quality" employees in the state. ;)

What, and put the file recovery people out of business?! :eek:

I don't believe that they had only one computer in the office where this important data was stored. How is it possible to run business and not to back up your files?!

Epic fail on all sides

Common sense isn't so common. :cool:

Moral of the story: Just because it feels good doesn't mean you get to do it.

Another stupid employee cost the company a little more than $2mil in France.

All I can say is WOW! What a chump. Some people seem to think they're smarter than the system...time to pay the piper mon ami.

There's no way she could have actually thought she was going to get away with that, is there? Honestly, how would someone get that high in a company while also being an illogical twit. She's one of the only people who had access to the files! I mean, if you're going to get revenge...

Just 2 comments:

1. re: fat Elvis' post - I believe the figure is 7.2 Billion (as in Gigabucks, not Megabucks)

2. Not only was this person stupid, but incompetent as heck. It seems to me that anyone working with computers for any length of time would realize that a simple erase, really isn't. If she had any competence at all, she would have overwritten, not just erased, the data.

There's a lot more to it than just backups. Employee foolishness and lack of qualifications is exactly the sort of thing that leads to personal data losses in a lot of circumstances. It's always assumed that a site is hacked, and in a sense it is, but not necessarily by an outsider.

The problem is the people who have access to what should be secure data are not themselves security checked or savvy in any way; they stick CDs full of customer data in clear text in a bubble pack and mail it, they write their login names and passwords on a post-it on their display even though that combination represents direct access to the health records of a clinic or to a retailer's credit card files, they sell access to or obtain information for outsiders who want it for illegitimate purposes.

Similarly, employers like this one store all the valuable data from their enterprise on one machine and then give the entire office access to it directly. Drs are very proud to become paperless offices, but then the entire clinical staff has access to and permissions to change or remove any of that data.

It's not too difficult to make data secure. It's damned near impossible to make the folks who must have access to it equally secure.

Just one back up of 2.5 million dollars worth of designs and the possibility of destroying your business? Obviously, this business did not have much foresight.

I believe you're looking at this from a computer geek (no disparagement intended, but I don't know what other term to use in this context) perspective and not seeing the big picture. A business owner is primarily a businessman, not a computer person. His job is to run the business, and to hire competent specialists to handle the subordinate functions necessary to make the business run. In this case, the guy ran an architectural business, and the computer system was one of the many subordinate functions that the business required to operate. He can certainly be faulted for lack of skill in the evaluation of the competence of the people he hires.

It is not the business owner's function to ensure that the office manager pays the phone and utility bill every month, even though the ability of the business to function depends on these bills being paid - his function is to hire a competent office manager; it is not his function to ensure that the shipping department head has the oil changed at regular intervals for his delivery vehicles, even though his business will fail if he can't make deliveries to his customers - his function is to hire a competent shipping department head; etc., etc. If a business owner does have to spend his time reminding the office manager to pay the bills, or the shipping department head to have the oil changed, or, as in this case, the computer specialist to perform backups, etc., he is an inefficient and/or ineffective businessman, and probably not particularly successful to boot. (Just an illustration: How often do you think Steve Jobs asks the manager in charge of OS development whether he's backed up all his software?)

Certainly the buck stops at the business owner, and it is his business that came close to failing due to the lack of backup. However, I believe the incompetence of failing to have backups of the data was that of the computer person, while the incompetence of the business owner was that allowing an incompetent to be in charge of this particular subordinate business function.

How much do you think he paid to recover the files?

Running a business requires setting policies and parameters for your subordinates to meet. What I've seen in my career is that business people never give a thought to backups, never set standards, and even reject proposals for "expensive" backup systems. It took me three years to convince a client, similar in size and type of work to the one in the story, that they needed more than just a copy of some of their data on an external drive. From their yearly income of $6 mil they would not budget $4,000 for a tape library.

Business people aren't clerical people, yet they seem able to set policies for how paperwork and forms are handled in their offices.

I recently had a recovery done for a client (had backups, but the cost of 24 hours of data loss was higher than the recovery cost). It was $7200 to recover one drive pair in a mirrored set, with immediate service over a weekend. It would have been about 70% less with three day, weekday service.

You're absolutely correct. The point I was trying to make was that a business owner doesn't necessarily have to be cognizant of the the various low level tasks of the various subordinate functions necessary to run the business. If one is able to hire competent subordinate function managers, it is (or should be) sufficient to provide "mission type" direction and supervision, rather than detailed technical direction. This particular owner failed at several levels: hiring an incompetent in the first place, failing to recognize incompetent performance, etc. IMO, directing the specific type of redundancy necessary and/or type of media backup, etc. are lower level technical details that a normal business owner cannot be fairly faulted for not understanding.

Have you found this to be the case for vigorous, successful businesses? I would expect that to be the case for businesses "struggling to make it" and trying to scrimp on virtually everything, rather than successful businesses.

For "professional data recovery services", what does this actually involve? Is it really anything other than running DataRescue-type software on a drive? I would expect that adjacent bit magnetic field analysis type of recovery that the cloak and dagger folks can perform to recover overwritten data would be way beyond the scope of commercial data recovery (to say nothing of the cost).

well, just to play the devil's advocate...

here we have an employee who was obviously a long-term, trusted individual (I mean, why else would she be the only other person with access to important files?). I can't help but wonder what working conditions were like in that office, that she'd be on that much of a hair trigger. resentment like that has to build over time.

good working conditions make loyal employees. that's not a justification for her actions, of course, but this guy might want to think about his employee relations technique while he's shopping for a backup drive...

That's a good point. Good employee relations, one aspect of which is open communications, will tend to increase (although not guarantee) employee loyalty. It is all too often shunted to the side for various reasons.

However, if the employee was a "long-term, trusted" person, it seems to me that would make it even more traumatic to find an ad that appeared to be looking for a replacement.

All in all, an unfortunate confluence of events. The (former) employee is unlikely to find any work in her chosen field in the future, even if she makes the effort to become more knowledgeable. The business owner, however, probably learned a lesson much more valuable than what it cost him for data recovery services.

entirely. everybody lost on this one.

The fact that she was checking the want ads in the first place says something about the situation.

It also depends upon the characters of people. That woman could easily take revenge on the boss she thought to be no longer loyal just because she got extremely angry at seeing the advertisement

Absolutely. In the example I gave above, the company owners were putting well over $300k/year each in their pockets from profit, as well as remaining debt-free. If anything there might be a reverse correlation with success, seems like when everything is going well people don't want to consider the potential bad things.

The job that I recently had done involved a head strike on one of two drives that are mirrored. The THEORY is that RAID should overlook that problem or error out the drive and continue. The REALITY is that it doesn't always work as planned, and in this case it freaked out and started writing bad data to both drives. The recovery entailed finding the original file traces without the benefit of the normal pointers to the files, and putting them back together, without also inserting bad data. It goes well beyond just running a recovery program. In the old days of 20/30 MB drives I have done several byte-level recoveries like this, and they were not trivial then. Now do it with a 150 GB drive.

Not really. If you work in America today, you should always be checking the want ads. There is no loyalty.

I understand this completely, having worked for a sub-contract for the military. However, as a business owner, it is up to me to make sure my investment is protected. Not only by hiring the right person, but to setup someone to check up on such persons work. This kind of thinking can apply to your finances. If you hire an investment manager, but not have someone double check his doings, you may be bilked out of thousands or even millions of dollars.
I work for a global software company, and to this day, the second in command reviews and signs every check for every purchase order.
Even if this company were old school (ie just hard copy), you have to consider "what if" scenarios. What about fire, theft, or flood? Trusting your business to the idea that disasters never happen is irresponsible. This company was lucky that there was a way to recover the hard disk. Others have not had such ability. Case in point. The state of Hawaii lost hundreds of irreplaceable, historic maps due to a hurricane causing a flood at the museum where they were housed. They kept them in the basement! They were irresponsible in A. not digitizing them, and B. not considering that a flood was possible.

Trustworthiness -- and trust
 

.
I still feel that the best way to get someone to be trustworthy, is to actually trust them. It has worked for me, with clients as well as service providers. Time and again, they prove to be as good as their word – which I strive to be as well. I have rarely been burned professionally.

That does not, however, mean that you choose to trust everybody! And it certainly does not work with companies that have lost their humanity.

Just a thought...

-- ArcticStones
.

For the last 30 years or so are in what I think of as the MBA era -- everything a company does any more is based on a strict what-if spreadsheet analysis and has little if anything to do with the human resources involved in the decision. Corporations have, if I may coin a phrase, become completely left-brained. HR (a complete misnomer) departments have grown up to defend corporations for their abuses and deliver the letter of the law rather than the spirit of the law. There are still some good citizens, but, of course, they aren't as rich at the bean-counting set.

It's a shame, too, because the downside of this behavior is that neither customers nor employees have any loyalty to corporations at all, having somewhat defensively gone to the what's-best-for-me position in both shopping and employment. Further, unfortunately, what's-best-for-me is all to often a strictly monetary decision (best deal, best salary) -- i.e., what's-best-for-me has become left-brained as well.

These positions on both our parts inevitably strips "service" of any kind out of the mix; Walmart employs greeters, but not a soul to help you; try to call any corporation, government agency, or retail establishment and go through the "if blah, blah, press 1, then "all our representatives are busy", then we value your business while ghastly music plays...." Call for tech support and get some guy in South India. Why do they do that? It's cheaper, and we, as part of the vicious circle, demand cheaper or we won't buy.

I could go on and on, but you get the picture.

Indeed I do. What we are getting instead is essentially a cybernetic process: the Corporation as automaton – a monster. Having assumed its own life and character, it is self perpetuating. And in such a system, only certain types of people reach key management positions.

Tragically we are sacrificing incredibly much in the process...