One of the most common audit questions is “Do you have a process for suspending/deleting accounts of people that have left the business or changed duties?” Obviously not in this case…:
[…] Deepanshu Kher was helping a client to transition to a Microsoft Office 365 environment. But apparently the client company was so displeased with Kher’s performance that they complained about it to the consultancy company that despatched him. As a consequence, Kher got laid off and went back to India.
Some two months later, once he was outside of the US, Kher decided to infiltrate the California firm’s servers and deleted over 80% of employee Microsoft Office 365 accounts.