A disgruntled IT worker who launched a calculated cyber-attack against his employer just hours after being suspended from work has been jailed for over seven months.
Mohammed Umar Taj, 31, of Hyrst Garth, Batley, caused significant damage to the Huddersfield-based company where he worked, triggering disruption that reportedly cost the firm at least £200,000 in lost business and lasting reputational harm.
The cyber-attack began shortly after Taj was suspended from his role in July 2022. Leveraging his insider access, he unlawfully entered the company’s premises and accessed its computer systems, altering login credentials and disrupting core business operations.
Within a day, Taj escalated his sabotage, changing login credentials and manipulating multi-factor authentication settings, actions which disrupted not only the company’s UK operations but also clients overseas in Germany and Bahrain.
Investigators from West Yorkshire Police’s Cyber Crime Team recovered forensic evidence, including phone recordings in which Taj discussed and boasted about the attack, as well as digital evidence documenting his activities.
Taj appeared before Leeds Crown Court on 26 June, where he was sentenced to seven months and 14 days in custody. He had previously pleaded guilty to committing unauthorised acts with intent to impair the operation of or hinder access to a computer.
Detective Sergeant Lindsey Brants of the Cyber Crime Team said:
“Taj set out to get revenge on his employer following his suspension from work, deliberately targeting the organisation’s IT systems to inflict maximum disruption.
By exploiting privileged access, he caused a ripple effect of damage far beyond the UK, impacting international clients and operations.
This case highlights the critical importance of securing your networks, not only to prevent data loss and costly attacks, but to maintain trust with clients and stakeholders. We urge all businesses to regularly review and strengthen their cyber security protocols.”
West Yorkshire Police continues to advise companies to implement strict access controls, especially in cases of disciplinary actions, to prevent similar insider threats.
