Former Database Administrator Convicted Of Hacking His Old Firm

Ex-employee attacked his old database months after being terminated

Tim Wilson, Editor in Chief, Dark Reading, Contributor

November 20, 2009

2 Min Read

A former database administrator for GEXA Energy has been convicted after pleading guilty to hacking his former employer's database system.

The conviction of Steven Jinwoo Kim, 40, was announced yesterday by U.S. Attorney Tim Johnson, according to a news report by DataBreaches.net.

At a hearing before U.S. District Judge Vanessa Gilmore, Kim admitted to recklessly causing damage to a GEXA Energy protected computer, the report says. GEXA Energy is a retail electric utility provider based in Houston.

On Feb. 5, 2008, GEXA Energy terminated Kim's employment as a database administrator and permanently revoked his access to all GEXA Energy facilities, computer networks, and information technology systems, the report says. Approximately three months later, Kim remotely accessed the GEXA Energy computer network and GEXA Energy Management System (GEMS) database.

While connected to the GEXA Energy computer network, Kim recklessly caused damage by, among other things, issuing various Oracle database commands that created a new data table in the GEMS production database. When copied to the GEMS staging database, that caused the automated script to fail, thus impairing the availability of data.

As a result of Kim's intrusion into its protected computer system, GEXA Energy incurred a loss of at least $100,000 -- the costs associated with troubleshooting, securing, and repairing the GEXA Energy computer network and GEMS database, the report says. Kim was indicted in June 2009.

GEXA customers were not notified of the breach until April 2009. In letters sent to those affected, the utility provider indicated it had been prohibited from telling them of the incident sooner because of the investigation.

Judge Gilmore set Kim's sentencing for March 1. He faces a maximum punishment of five years imprisonment and/or a $250,000 fine. Kim has been permitted to remain on bond pending his sentencing.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

See more from Tim Wilson, Editor in Chief, Dark Reading
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Man in a suit drawing development graph strategy on gray wall
Cybersecurity Operations
CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti IssueCISO Corner: Evil SBOMs; ZT Pioneer Slams Cloud Security; MITRE's Ivanti Issue
byTara Seals, Managing Editor, News, Dark Reading
Apr 26, 2024
9 Min Read
The Manila skyline
Cyberattacks & Data Breaches
Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to ChinaPhilippines Pummeled by Mix of Cyberattacks & Misinfo Tied to China
byJohn Leyden, Contributing Writer
Apr 26, 2024
5 Min Read
Vector drawing of CPU with lock symbol on stylized circuit board
Endpoint Security
Chip Giants Finalize Specs Baking Security Into SiliconChip Giants Finalize Specs Baking Security Into Silicon
byAgam Shah, Contributing Writer
Apr 25, 2024
2 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events