Ex-Gucci IT worker charged with computer hacking
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.An IT engineer fired by Gucci hacked into the company’s servers, deleting data and shutting down its email and other IT services in a revenge attack estimated to have cost the upmarket retailer around £125,000, Manhattan prosecutors allege.
Sam Chihlung Yin, 34 and from Jersey City, is accused of having secretly created a user account for himself in the name of a fictional employee while working at Gucci, giving him continued access to the company’s IT servers after he was sacked for an unrelated incident in May last year.
He is said to have used the account and administrator passwords he had taken with him to hack into its corporate servers for around six months. On one day in November last year, he allegedly deleted servers, shut down storage areas and wiped mailboxes on the Gucci America system. He is also said to have shut down the network for the whole day, preventing employees from accessing any documents, files or other materials saved anywhere on its network.
The New York County District Attorney’s office, which is prosecuting the case, said in a statement: “Yin’s destruction of data from the e-mail server cut off the e-mail access not only of corporate staff, but also of store managers across the country and the e-commerce sales team – resulting in thousands of dollars in lost sales.”
IT security expert Graham Cluley underlined the importance of changing passwords and resetting access rights when members of staff leave, adding that there is “definitely the possibility” that future attacks could expose customers’ data.
“Disgruntled employees could take customer databases with them when they leave. Some have even planted logic bombs in databases which only they can diffuse so, if they are ever fired, whole databases could be obliterated or transmitted.”
He added: “People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause mischief. But it only takes one disaffected former worker to wreak havoc – so make sure your defences are in place, and that only authorised users can access your sensitive systems.
Last year, a former employee of US investment bank Fannie Mae planted malicious codes designed to destroy information on the company’s servers after being fired.
Mr Yin is charged with computer tampering, identity theft, falsifying business records, computer trespass, criminal possession of computer-related material, unlawful duplication of computer-related material, and unauthorised use of a computer, according to an indictment filed in a Manhattan court.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments