Fired Employee Takes Revenge Against a NYC Credit Union’s IT System

In an act of revenge for being fired from a New York City credit union, a Brooklyn woman accessed the computer system and deleted its mortgage applications and other sensitive information maintained on a file server, according to federal prosecutors for the Eastern District of New York.

Juliana Barile, 35, pleaded guilty to one count of computer intrusion during a federal court hearing on Tuesday in Brooklyn. Court documents only identify the credit union in New York City as “an entity the identity of which is known to the United States Attorney.”

Prosecutors do not say in court documents why they are withholding the name of the credit union. Barile’s attorney declined comment.

A transcript of the 60-minute plea hearing indicates that Barile signed a plea agreement with prosecutors on Aug. 30.

Barile was fired from her position as a part-time employee with the credit union on May 19. Two days later, she remotely accessed the credit union’s file server from her Brooklyn home, and within 40 minutes, she deleted more than 20,000 files and almost 3,500 directories, totaling approximately 21.3 gigabytes of data, according to court documents.

The deleted data included files of mortgage loan applications and the credit union’s anti-ransomware protection software. Barile also opened confidential files, including documents containing board minutes of the credit union.

After she accessed the computer server, Barile sent text messages to a friend explaining that “I deleted their shared network documents,” referring to the credit union’s share drive.

On the day she was fired, the credit union requested from its IT support firm that it disable Barile’s access to the credit union’s computer system, but her access was not disabled, according to court documents.

Although the credit union did back up some of the data that Barile destroyed, prosecutors said the credit union has spent more than $10,000, so far, to remediate the IT issues.

Even though prosecutors said in a press release that Barile can face up to 10 years in prison, transcripts of her plea hearing indicate that prosecutors are expected to recommend a prison sentence of six to 12 months.

During the court hearing, Barile made the following statement: “On or around May 25 of 2021, I logged into the credit union’s computer with my credentials and deleted shared files. This occurred after termination, when I did not have authorization to log in or touch any of the information. I am guilty of the charges and I’m pleading guilty to it.”

Barile’s sentencing hearing has not been scheduled.