Lesson From Employee Hacking Case: Don't Use 'Password' for a Password
In the fast-paced computer world, people occasionally use "password" as a default password on their accounts. Bad idea.
It was an expensive lesson learned for furniture company Brown Jordan and one of its top executives. Christopher Carmicle used the password to access email of other employees, including superiors, leading to costly litigation and termination.
According to the U.S. Eleventh Circuit Court of Appeals, Brown Jordan rightfully terminated Carmicle for hacking into the email. The judges probably would have affirmed the judgment against him for other reasons, too, if the company had acted sooner.
Waste Not, Want What?
Before he was fired, Carmicle told the company's board of directors that other employees were defrauding the company to the detriment of shareholders. The board responded by hiring an investigator to look into the allegations.
"The investigator ultimately concluded Carmicle's allegations were entirely without merit, and reported that fact to the Board of Directors," the appellate court said. "The investigator also reported Carmicle's email access and the fact Carmicle had used in excess of $100,000.00 in Brown Jordan funds for unauthorized entertainment expenses."
Swift Rise; Faster Fall
Carmicle began working for Brown Jordan in 2002. Carmicle rose swiftly through the ranks at Brown Jordan, the parent company of a number of entities engaged in the manufacture and sale of furniture for residential and commercial use. By 2005, Carmicle was responsible for the national accounts of Brown Jordan.
Problems began when Carmicle started overspending his budget, including putting his wife on the payroll and approving her salary. The company was ready to fire him in 2011, but decided not to do so because the company was up for sale.
In 2013, the company changed email services and its chief information officer set up email with "password" as a generic password. Carmicle began using the password to access other workers' email, including his superior, and learned this his tenure was tenuous. He also used the password to take screenshots of hundreds of email before the investigator caught up with him.
The company fired him, alleging he took more than $750,000 in funds and property and sued him for violating the Stored Communications Act and the Computer Fraud and Abuse Act. Carmile then sued for wrongful discharge, but the trial judge dismissed his lawsuit and entered judgment for the company.
Related Resources:
- Ex-Exec Appeals Firing Over His Access Of Co-Workers' Email (JD Supra)
- ADA Doesn't Require Reassignment of a Disabled Employee (U.S. Eleventh Circuit)
- ACLU Wins Appeal for LGBT Club Against Middle School (U.S. Eleventh Circuit)