News: 0180158077

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Fired Techie Admits Sabotaging Ex-Employer, Causing $862K In Damage (theregister.com)

(Thursday November 20, 2025 @10:30PM (BeauHD) from the cyber-stunts dept.)


An Ohio IT contractor [1]pleaded guilty to breaking into his former employer's network after being fired, impersonating another worker and using a PowerShell script to reset 2,500 passwords -- an act that locked out thousands of employees and [2]caused more than $862,000 in damage . He faces up to 10 years in prison. The Register reports:

> Maxwell Schultz, 35, impersonated another contractor to gain access to the company's network after his credentials were revoked. Announcing the news, US attorney Nicholas J. Ganjei did not specify the company in question, which is typical in these malicious insider cases, although local media [3]reported it to be Houston-based Waste Management.

>

> The attack took place on May 14, 2021, and saw Schultz use the credentials to reset approximately 2,500 passwords at the affected organization. This meant thousands of employees and contractors across the US were unable to access the company network. Schultz admitted to running a PowerShell script to reset the passwords, searching for ways to delete system logs to cover his tracks -- in some cases succeeding -- and clearing PowerShell window events, according to the [4]Department of Justice .

>

> Prosecutors said the attack caused more than $862,000 worth of damage related to employee downtime, a disrupted customer service function, and costs related to the remediation of the intrusion. Schultz is set to be sentenced on Jan 30, 2026, and faces up to ten years in prison and a potential maximum fine of $250,000.



[1] https://www.justice.gov/usao-sdtx/pr/former-contractor-admits-hacking-employer-retaliation-termination

[2] https://www.theregister.com/2025/11/20/it_contractor_sabotage/

[3] https://www.chron.com/news/houston-texas/article/cyber-attack-houston-waste-management-hack-21196833.php

[4] https://www.justice.gov/usao-sdtx/pr/former-contractor-admits-hacking-employer-retaliation-termination


Computer crimes are over penalized (Score:1)

by coaxial ( 28297 )

10 years for this is bullshit.

Like all computer crimes, the estimated damage is grossly inflated. This doesnâ(TM)t even sound like the damage typical of a ransomware attack.

The guy is getting screwed.

Re: (Score:2)

by NobleNobbler ( 9626406 )

He won't get 10 years, but he'll definitely get too much time

The "estimated damages" numbers are always pulled out of someone's ass

Employer probably had everything resolved within a day

Assume 5,000 man-hours of downtime (Score:1)

by davidwr ( 791652 )

Let's assume 2500 employees lost 2 hours of productivity each. Let's assume the productivity value for each employee is at least $40/hour. That's $200,000. That's far below $862K. But if the downtime were higher and the lost productivity were higher, it at least puts $862K within the realm of a credible number.

Don't forget, cleaning up a mess like this isn't as simple as resetting passwords back and having employees log in and change their passwords. There's also things like making sure none of the ac

Re:Assume 5,000 man-hours of downtime (Score:5, Insightful)

by BoogieChile ( 517082 )

Not to mention the time taken to ensure he didn't do anything else.

Re: Computer crimes are over penalized (Score:3)

by Slashythenkilly ( 7027842 )

Agree to disagree here. We dont know what company he accessed or what information he compromised. 250k divided by 2500 employees out of work for a day is $100 each, not including the time it took IT to get them back online, the customers that company services, the thousands of letters the company will have send out notifying customers of a breach, and the amount of time it required for the company and law enforcement to complete a full investigation, then the cost of prosecution and punishment. Id say he is

Re: (Score:2)

by uncqual ( 836337 )

It's about $350/password.

While the summary (and of course I didn't RTFA) doesn't give much detail, that's not a ridiculous amount if each of the affected individuals were delayed in some way by a couple hours in accomplishing their work. It's not just their salaries, it's scheduling of work, customer satisfaction, overhead (such as benefits, SS taxes, etc) related to those couple of hours.

If the work needs to get done in a timely fashion regardless of the disruption, it may require paying the affected emplo

Re: (Score:1)

by Cito ( 1725214 )

I wonder what the penalty would have been in my situation if I had been caught. When I worked for Nielson I used to largely skew some of the ratings numbers in favorfor a couple of my favorite shows that I liked and wanted it to get more seasons, and for one of the shows I absolutely hated and I would keep underreporting rating numbers incrementally instead of all at once. I was already looking for another job when I began doing all this and more at Nielson, like intentionally skewing numbers and much more.

Re: Computer crimes are over penalized (Score:2)

by YetanotherUID ( 4004939 )

Considering you don't even know how to spell the name of the company you claim to have worked for (Nielsen), I find your claim to have done this highly dubious. Of course, even if you did, coming on a public forum and admitting you did it shows that you aren't the sharpest tool in the shed.

Re: (Score:2)

by registrations_suck ( 1075251 )

The guy screwed HIMSELF.

He also got off a lot lighter than he would have if I were sentencing him.

What's his side of the story? (Score:1)

by blue trane ( 110704 )

Did they fire him unfairly?

costs related to the remediation (Score:1)

by Anonymous Coward

> and costs related to the remediation of the intrusion

Hey, they needed MFA before this guy showed up. His Red Teaming did them a favor.

I stick my neck out for nobody.
-- Humphrey Bogart, "Casablanca"