Devastating hack perpetrated from inside a McDonalds, prosecutors say
A large-scale data security breach that may have cost a Japanese pharmaceutical company almost $800,000 in lost productivity was allegedly performed from a McDonalds restaurant in Smyrna, Georgia.
Prosecutors said that Jason Cornish logged into an installation of vSphere he had secretly placed on drug maker Shionogi's servers early in the morning of February 3, and used his IT security credentials to access and delete 15 virtual machines hosted on the company's network. He is alleged to have acted out of anger over Shionogi's dismissal of a colleague.
The attack left the company at an effective standstill, court documents said, with employees unable to send or receive emails, ship orders or write checks.
The FBI was able to identify Cornish as the attacker quickly, according to prosecutors, since he had used his credit card to make a purchase at the McDonalds within minutes of the attack being traced to the same restaurant's public Wi-Fi network.
Tough internal data security policies can help protect businesses against disgruntled employees. Limiting access to minimum necessary levels will provide some defense, experts say.