IT Manager Pleads Guilty to Hacking Former Employer's Computer System

At a hearing before U.S. District Judge David Hittner, Danielle Duann, 51, admitted to illegally accessing the computer network of LifeGift Organ Donation Center and then intentionally deleting organ donation database records, accounting invoice files, database and accounting software applications and various backup files without authorization.

LifeGift is the sole provider of organ procurement services for more than 200 hospitals throughout 109 counties in North, Southeast and West Texas. Duann was previously indicted on this charge by a federal grand jury on June 24, 2008.

According to the statement of facts in the case, LifeGift terminated Duann from her position as their director of information technology on Nov. 5, 2005, and the organization revoked all of Duann's previous administrative rights and access to the LifeGift computer network. Beginning in the evening of Nov. 7, 2005, and continuing into Nov. 8, 2005, Duann repeatedly gained unauthorized access to the LifeGift computer network via a remote connection from her home and intentionally caused damage by deleting numerous database files and software applications, as well as their backups, relating to LifeGift's organ and tissue recovery operations.

Further, according to the statement of facts, in an attempt to conceal her activities, Duann disabled the computer logging functions on several LifeGift computer servers and erased the computer logs that recorded her remote access to the LifeGift computer network. LifeGift suffered damage and losses in excess of $94,200 as a result of Duann's computer intrusion and intentional, unauthorized deletion of programs and files.

The damage figure could have been much higher had the center not adequately backed up its computer systems. There was no interruption of clinical operations because the agency was able to retrieve all of the allegedly deleted information from backup systems.

Duann is scheduled to be sentenced by Judge Hittner on July 28, 2009. She faces a maximum punishment of 10 years in prison and/or a fine of up to $250,000.

The indictment is the most recent example of a disgruntled IT manager seeking revenge against a former employer. Another example of 'employer payback' is a network engineer from Southern California who was sentenced to 63 months in prison and ordered to pay more than $409,000 in restitution after triggering a massive data collapse on his former employer's computer network.

The victim of that rampage was a non-profit organization that provided IT services to regional health clinics in California. While the incident caused huge monetary damages, the real toll came when doctors no longer has the medial records for thousands of low-income patients who sought medical care.