Our only URLs are

All other sites are scams – especially be wary of:

benumbs.cards & bennumb.cards & bennumbs.cards & benumb.cc & many more…

(it can be hard to notice the S and extra N if not careful.) 

Welcome to the real deal. 

Please bookmark this link — the other sites have simply copy/pasted our html and don’t actually have any cards to sell. 

They can be easy to fall for if you aren’t cautious!

24 thoughts on “Fired NY credit union employee nukes 21GB of data in revenge”

  1. >Her petty revenge not only created a huge security risk for the bank

    No, the bank’s shitty security was the huge risk and it was exploited. Quit shifting blame. If I banked with this institution I’d be immediately closing all of my accounts.

    Reply
  2. >Even though a credit union employee asked the bank’s information technology support firm to disable Barile’s remote access credentials,that access was not removed.

    Sounds like another firing is warranted.

    Reply
  3. I work in data recovery. They got off lucky with only a $10k bill. She didn’t do that good of a job to get it back for so cheap. Consider it at a cost of $0.50 a document.

    Just opens up doubts about the companies IT security policies. There’s a reason corporations won’t do success story testimonials for us. It exposes their shortcomings needing a data recovery company to help them out of a jam.

    **Edited to add**: *I’m getting a ton of messages asking if it’s just as simple as using the undelete command. Perhaps it might be but they also need to get data verified and rebuilt it some cases, Just this act alone falls under a forensic category. A certified technician will have to perform this work and be able to testify about the work in a court of law. This costs money for expertise and some yahoo working from his basement using simple commands to undelete data doesn’t fly. There is certainly more to the story that we don’t know about.*

    Reply
  4. > The wiped included files related to customers’ mortgage loan applications and the financial institution’s anti-ransomware protection software

    I’m not sure if they are referring to documentation about the ransomware software or the applications files themselves but why in the fuck would files related to ransomware protection software be stored on a shared directory that a part time employee can access? Only certain members of IT should be accessing that info. This company sounds like dogshit.

    Reply
  5. I manage the IT needs of a number of companies. The first expense is the hardware and software licensing, the second cost is proper disaster recovery.

    If a company won’t invest in DR, I won’t take their contract.

    Reply
  6. >Five days later, on May 26, she also told a friend via text messages how
    she was able to destroy thousands of documents on her former employer’s
    servers, saying, “They didn’t revoke my access so I deleted p drift
    lol. [..] I deleted their shared network documents.”

    Yeah don’t brag about your crimes bro

    Reply
  7. “An insider threat can wreak just as much havoc, if not more, than an external criminal.”

    Yeah, but they were fired. A big rule in bank IT security is you don’t leave accounts active for users who should not have access to confidential data. They weren’t and insider, they were fired days before.

    The blame goes in two directions here. Them deleting the files doesn’t magically absolve you of any wrongdoing. This isn’t some Russian hacker, it was caused by a person with enough knowledge to have no idea the incident will point directly back at them.

    Reply
  8. > “Her petty revenge not only created a huge security risk for the bank”

    Um, no. The people who were supposed to REVOKE THE ACCESS OF A TERMINATED EMPLOYEE ARE THE SECURITY RISK.

    Ms. Barile only demonstrated WHY not having proper access control procedures – ***and following them*** – regarding terminated employees is such an important thing.

    Reply
  9. Even though a credit union employee asked the bank’s information technology support firm to disable Barile’s remote access credentials, that access was not removed. Two days later, on May 21, Barile logged on for roughly 40 minutes.

    ​

    seems like the issue is with the bank’s information technology support firm, they didn’t revoke her access. If i were the bank, i would have sue the information technology support firm.

    Reply
  10. Most servers have backup protection. I can erase everything on our company server, and it wouldn’t matter. In minutes, everything can be completely fixed. We are not a big company either. This is basic stuff that every company should have.

    Reply
  11. 21GB didn’t sound like much at first… I make videos. That’s less than 2 hours of DV footage.

    Then I realized it’s just spreadsheets and math. Holy mother of god that’s a lot of info… apparently it’s the size of compressed Wikipedia…

    Reply
  12. While we’re on the subject, a former employer allowed me to RDP into my laptop and work on documents. Without giving too much away, it was basically over 5k total of people’s PERSONAL information including SSN# and wages. When I departed that company a piece of me went “….I have all this information on my personal device. I’m going to just delete it ASAP”

    It’s so easy though for someone to forget they have it or worse, remember they have it and be malicious. Or shit, if my laptop got stolen 5k folks would have been compromised with EASE.

    A sliver of me wanted to tell IT to institute VDI sessions and disable file transfers but the company I worked for stressed compliancy to its base. Just a warning that a regular ‘ol person may have your livelihood in their hands right – right or wrong.

    Reply
  13. Anybody who can’t restore everything up to a few minutes ago with only minor annoyance and little drama should seriously rethink their backup/restore and DR plans.

    The credit union should be embarrassed that any employee could do that.

    Reply
  14. > Even though a credit union employee asked the bank’s information technology support firm to disable Barile’s remote access credentials,that access was not removed.

    Always, always, *always* trigger access termination procedures the second you know an employee is leaving. If they’re getting fired, they need to be locked out of critical systems before they are told.

    Reply

Leave a Comment