Former Database Administrator Convicted Of Hacking His Old Firm

Ex-employee attacked his old database months after being terminated

Tim Wilson, Editor in Chief, Dark Reading, Contributor

November 20, 2009

2 Min Read
Dark Reading logo in a gray background | Dark Reading

A former database administrator for GEXA Energy has been convicted after pleading guilty to hacking his former employer's database system.

The conviction of Steven Jinwoo Kim, 40, was announced yesterday by U.S. Attorney Tim Johnson, according to a news report by DataBreaches.net.

At a hearing before U.S. District Judge Vanessa Gilmore, Kim admitted to recklessly causing damage to a GEXA Energy protected computer, the report says. GEXA Energy is a retail electric utility provider based in Houston.

On Feb. 5, 2008, GEXA Energy terminated Kim's employment as a database administrator and permanently revoked his access to all GEXA Energy facilities, computer networks, and information technology systems, the report says. Approximately three months later, Kim remotely accessed the GEXA Energy computer network and GEXA Energy Management System (GEMS) database.

While connected to the GEXA Energy computer network, Kim recklessly caused damage by, among other things, issuing various Oracle database commands that created a new data table in the GEMS production database. When copied to the GEMS staging database, that caused the automated script to fail, thus impairing the availability of data.

As a result of Kim's intrusion into its protected computer system, GEXA Energy incurred a loss of at least $100,000 -- the costs associated with troubleshooting, securing, and repairing the GEXA Energy computer network and GEMS database, the report says. Kim was indicted in June 2009.

GEXA customers were not notified of the breach until April 2009. In letters sent to those affected, the utility provider indicated it had been prohibited from telling them of the incident sooner because of the investigation.

Judge Gilmore set Kim's sentencing for March 1. He faces a maximum punishment of five years imprisonment and/or a $250,000 fine. Kim has been permitted to remain on bond pending his sentencing.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Tim Wilson, Editor in Chief, Dark Reading

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

See more from Tim Wilson, Editor in Chief, Dark Reading
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Starbucks logo on a storefront
Cyberattacks & Data Breaches
Ransomware Attack on Blue Yonder Hits Starbucks, SupermarketsRansomware Attack on Blue Yonder Hits Starbucks, Supermarkets
byJai Vijayan, Contributing Writer
Nov 25, 2024
4 Min Read
thumbnail
Сloud Security
Nearly Two Dozen AWS APIs Are Vulnerable to AbuseNearly Two Dozen AWS APIs Are Vulnerable to Abuse
byJai Vijayan, Contributing Writer
Nov 17, 2020
4 Min Read
Male hand holding a tablet, with a car floating above it; black background
Vulnerabilities & Threats
My Car Knows My Secrets, and I'm (Mostly) OK With ThatMy Car Knows My Secrets, and I'm (Mostly) OK With That
byKyle Hanslovan
Nov 26, 2024
5 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events