Cyber Incident Victim: Century 21
Date:
Oct 2019
Location:
United States of America
Summary
A former Century 21 human resources systems administrator created an unauthorized "superuser" account before resigning, enabling continued network access to steal employee data and sabotage operations post-departure. The individual tampered with user accounts, deleted critical access information for replacement consultants, and altered payroll policies to trigger erroneous holiday payments, which could have cost over $50,000. The breach was detected when consultants encountered access issues, prompting the company to expend significant resources rectifying the unauthorized changes. Prosecutors charged the ex-employee with computer tampering, trespass, attempted grand larceny, and petit larceny for compromising proprietary systems and data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Hector Navarro, a former Human Resources systems administrator at Century 21’s Manhattan department store, engaged in unauthorized network access and data manipulation following his resignation in October 2019. Navarro had worked at Century 21 since 2012, holding a role that granted him administrative privileges to the company’s data management and timekeeping systems. Prior to his departure, he stole employee data and created an unauthorized "superuser" account on the company’s network, enabling continued access after his employment ended. From his Brooklyn apartment, Navarro subsequently used this account to tamper with Century 21’s systems between October 2019 and early 2020. His actions included deleting data related to external consultants hired to replace him, deliberately obstructing their ability to access corporate networks. He also altered the company’s holiday payroll policy settings, which would have automatically paid certain employees for holidays regardless of whether they worked those days. This payroll manipulation could have cost Century 21 over $50,000 if undetected.
Century 21 discovered the breach when the consultants experienced persistent network access issues, prompting an internal investigation that revealed Navarro’s unauthorized activities. The company incurred thousands of dollars in costs to reverse the deletions and correct the payroll policy changes. The Manhattan District Attorney’s Office, led by Cy Vance Jr., prosecuted the case following an investigation by the Cybercrime and Identity Theft Bureau and the New York City Police Department. Navarro was indicted in New York Supreme Court on charges including Attempted Grand Larceny in the Second Degree, Computer Tampering in the Third Degree, Computer Trespass, and Petit Larceny. Assistant District Attorney Francesca Rios led the prosecution under the supervision of bureau chiefs Robert Shull and Elizabeth Roper, with investigative support from NYPD Detective Edward Libassi and analyst Jessica Alhanouch. The incident highlighted risks posed by insider threats to corporate data integrity and operational continuity, though Century 21 mitigated financial losses through timely detection and remediation efforts.