I had an employee provide a resignation before I was on site. The employee then unplugged a desktop computer and left the premises with it. The computer contained pricing data, customer data, email communications, login credentials to several important websites, login info to vendor websites.

I filed a police report and the police were able to recover the computer, however the data on the machine was wiped or the drive was replaced.

What should I do?

  • mbspark77@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    None of that info is backed up??..I set my work computer to update backup file every Saturday

  • elekchen@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Following the suggestions by ChatGPT (GPT-4), I hope they can be helpful to you:

    "Yikes, that’s quite a pickle you’re in! First off, good on you for filing a police report – that was absolutely the right move. Now, dealing with the aftermath of the wiped data, here are some steps you might consider:

    1. Data Recovery: If the drive was wiped but not replaced, you might have a shot at recovering some data. There are professional data recovery services that specialize in this sort of thing. It’s not guaranteed, but it’s worth a shot.

    2. Change Credentials ASAP: Since the computer had login info to various websites, change those passwords immediately. This is crucial to prevent any further unauthorized access.

    3. Assess Your Data Backup Situation: If you have backups (and fingers crossed you do), now’s the time to use them. If not, it’s a tough lesson in the importance of regular backups. Cloud storage or external drives can be lifesavers in situations like this.

    4. Review and Improve Security Measures: It’s vital to assess how this breach happened and strengthen your security policies. Consider things like encrypted data, restricted access, and more robust internal security protocols.

    5. Legal Action: Since there’s a clear case of theft and data destruction, discussing with a lawyer about potential legal actions against the former employee might be necessary.

    6. Notify Affected Parties: If customer data was compromised, it’s usually best practice (and sometimes legally required) to notify those affected. Transparency is key here.

    7. Learn from the Incident: Use this unfortunate experience as a learning opportunity to improve your organization’s data security and employee exit protocols.

    Remember, hindsight is 20/20. It’s easy to think of what could have been done, but focus on what you can do now to rectify the situation and prevent it from happening again. Hang in there! 🛡️💻🔒"

  • CSharpSauce@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I wonder if there’s more to this story. Why did the employee think the computer was theirs to take? Did they bring their own device? You of course had backups… your entire business is not dependent on the state of a single hard-drive?

    Something seems off here.

    • rustbelt91@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Idk the walking off with a comp is the only weird part to me. Sounds like they could be covering up

  • CTRL1@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Business lesson is:

    Don’t keep important data on a non redundant, not backed, not encrypted, not identity managed device.

    Outside of that you can take civil action and ask the police to look into criminal action.

  • ivapelocal@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Employee: I resign!

    • forgets he’s been googling for “tranny grannies nude” and “wheelchairs gone wild”*

    *grabs computer, runs out the door… “nobody will ever find out now!”

  • Geminii27@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Contact a local lawyer. Let them know that you don’t know if the drive was replaced or not, you might not be able to say exactly what was on it at the time, and you don’t know if the information on the computer has been used to do anything.

    Whether they can still do anything at that point, I don’t know. Depends on your local legal system. Did the police arrest the employee for theft of the desktop?

  • AndyMcQuade@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Call your insurance broker and report a potential data breach. You have steps you need to take immediately to be in compliance with the law and your policy.

    You’re well into the zone of stolen confidential customer and employee information being exposed.

    Call your business litigation lawyer, many states consider this specific act a felony, and unlike the kia thieves and shoplifters, I’d bet there’s a good chance of both criminal and civil court wins for you.

    The courts will absolutely nail him to the wall for white collar crime.

    • lost_in_life_34@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      if the employee was able to do this then the insurance company probably won’t pay. I’m in IT and cyber insurance has ridiculous conditions these days

    • commonsenselacking@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This. Having customer’s PII exposed is a big issue and if not reported, could end up landing you in some shit. I’d report it to my insurance and see what their advice is.

  • RigasTelRuun@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Press charges, get a lawyer, get your insurance involved. You also might have to inform customers and vendors of a data breach if any sensitive information was there.

    You have acase against them. Whether they have the money to pay damages that is a different question.

    But don’t let them get away with it.

  • hammong@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Send the hard drive to a data recovery service, and then sue the former employee for the charges to recover the data – and probably loss of productivity and time as well.

    Unless the drive was “secure-erased” - it’s probably recoverable.

  • AxfordUniversity@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Nothing to do with justifying what the employee did, but I would love to see how unclean the employer’s hands are from the employee’s point of view if they did something like this 😆

  • JeffTS@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I should press charges and contact your insurance company. If it was just a wiped drive, your insurance company may cover data recovery services. They should also be advised due to this being a data breach. You may also want to contact your attorney for additional advice on how to proceed with both the former employee and the data that they potentially stole. Until you have the drive analyzed, you don’t know if it’s a replacement. They may have kept a copy of the data before wiping the drive or if they swapped out the drive for a new one. In the case of the latter, they very well may have retained the drive.

  • tiasueboink@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Macrium reflect is free backup software, can take snapshots of entire drives. Backup to network drive with separate username and password that is not handed out and is not accessible otherwise.

  • Busy_Honey_66@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I actually just saw something similar. Person I knew just got charged with felony computer offense and felony vandalism. Has a 40k bond. For allegedly “destroying computer files of former employee”

    He worked for a business. Was hired for their social media marketing for a short period. He deleted files and withheld logins for their social media after he was fired. They alleged he destroyed personal files that resulted in 10k in loses.