Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ex-Employee Busted For Tampering With ERP System

Posted by Soulskill on from the wannabe-bofh dept.

ErichTheRed writes "Here's yet another example of why it's very important to make sure IT employees' access is terminated when they are. According to the NYTimes article, a former employee of this company allegedly accessed the ERP system after he was terminated and had a little 'fun.' 'Employees at Spellman began reporting that they were unable to process routine transactions and were receiving error messages. An applicant for his old position received an e-mail from an anonymous address, warning him, “Don’t accept any position.” And the company’s business calendar was changed by a month, throwing production and finance operations into disorder.' As an IT professional myself, I can't ever see a situation that would warrant something like this. Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite."

2 of 178 comments (clear)

  1. It's business as usual... by Coeurderoy · · Score: 5, Interesting

    >> Unfortunately for all of us, some people continue to give us a really bad reputation in the executive suite." The only reason the executive freak out at this is because most of then have absolutelly no idea what could happen, and how it could happen... When a sales rep leaves with his or her client, an acountant make some creative acounting and buy a condo with some "reimbursment", a Marketing manager exposes the company to serious bad mojo because he can't keep his pants on, etc .... they understand what happen. But realising that they should pay the guy that has root password on the ERP server the same as the CEO since he has actually more power that the CEO, this would be scary... So nobody should do any kind of "bad stuff", and revenge no matter how justified it is, is rarely worth the time needed to execute it. (that is why we do have courts of justice, in theory at least they help "outsourcing" revenge, and make it more "educative", not that the actual implementation always work...)

  2. You think that is bad?? by Anonymous Coward · · Score: 5, Interesting

    At a small company I worked for years ago there was a tendency to fire accountants (who simply didn't agree with the CFO). Turns out the CFO was embezzling funds and a number of folks just didn't want to go along with the program. So one day the CFO fired this one accountant and it was pretty bitter.

    As the IT director I had advised the CFO many months earlier that IT needs to oversee all the software and accounts in the company as it is a security matter. He agreed to all but the accounting software and its controls (he didn't want anybody seeing his criminal ways).

    So one day after firing the accountant, someone writes a $1,000,000 dollar check to a customer and it gets processed. Suspicious turns to the accountant having access, but there is no proof. The CEO and CFO both stop by my cubicle complaining how could this happen?? I simply told them you advised me several months back not to put the accounting software or user accounts under any IT control, even after I had warned you of the security dangers. We can't firewall a separate system that IT is not in charge of or have credentials to... Frustrated they walked away, annoyed like they couldn't blame someone for their stupidity.

    I kind of felt sympathy for that accountant, although he probably should of contacted the authorities. I had not way of knowing, except rumors you hear. Pretty ballsy, but that's what happens when suits have their ego and lack of ethics... Eventually there was an investigation on the books and things flew wide open. I left the company prior to it hitting the fan.