Tunneling into a Data Breach: The Problem with Remote Access and the Terminated Employee

David Ting
Feb 03, 2012

Another insider unauthorized access incident came across my radar just as I put the finishing touches on my most recent blog post highlighting Lesmany Nunez’s case being the latest example of a disgruntled employee breaching a network. As of today, the most current remote access security breach involves Danielle Duann, an IT director of a nonprofit organ and tissue donation center.

According to the Department of Justice’s press release, the LifeGift Organization Donation Center claims that Duann’s access had been revoked when her employment had been terminated. However on the evening she was fired, not only was Duann able to access and delete sensitive information such as organ donation database records, but she also tampered with the computer logging function on LifeGift’s servers to mask her actions.

The DOJ also states that Duann plead guilty to the charge of unauthorized computer access and was sentenced to two years in prison, three years of supervised released and ordered to pay more than $94,000 to her former employer as compensation for this incident.

In my perspective, the two key takeaways from this incident are:

1. The organization thought it had enough security measures in place to prevent a malicious insider attack from occurring

2. Duann was able to remotely access the system after her termination

As mentioned in a blog post last month, using the summer months to check for ghost or orphaned accounts is a worthwhile endeavor. Remote access continues to be a common vulnerability with recently-terminated employees holding the keys to the castle from afar… it happens over and over. How many times have we heard about ex-employees who boast they still have remote access to their former place of employment? This incident should underscore how prevalent security breaches are as layoffs increase, and serve as a reminder to survey and close off every potential entry point to an organization through a sound identity management strategy that ensures secure authentication and access.

What do you think are the key points here?

-David