Former IT Contractor Pleads Guilty to Retaliatory Cyberattack on Employer’s Network
In a significant case highlighting the risks of insider threats, 35-year-old Maxwell Schultz from Columbus, Ohio, has admitted to orchestrating a cyberattack against his former employer’s network following his termination. Federal prosecutors announced this week that Schultz pleaded guilty to computer fraud charges after executing an attack that disrupted operations for thousands of employees nationwide.
Incident Overview
On May 14, 2021, Schultz was dismissed from his contract position within the company’s IT department. Rather than accepting his termination, he sought retribution through digital means. Shortly after his dismissal, Schultz impersonated another contractor to fraudulently obtain valid login credentials, thereby gaining unauthorized access to the company’s network.
Execution of the Attack
Once inside the system, Schultz utilized a PowerShell script to reset approximately 2,500 employee passwords simultaneously. This action effectively locked thousands of workers and contractors out of their computers across multiple locations, causing widespread operational disruption. In an attempt to cover his tracks, Schultz actively sought methods to delete digital evidence of his unauthorized access, including PowerShell event logs and system logs. Despite these efforts, investigators were able to trace the attack back to him.
Impact on the Company
The company suffered significant financial losses exceeding $862,000 due to the attack. These damages included widespread employee downtime, disrupted customer service operations, and extensive labor costs required to restore standard network functionality. The ripple effects impacted both internal operations and customer relationships, underscoring the severe consequences of insider threats.
Legal Proceedings and Sentencing
As part of his guilty plea, Schultz acknowledged that anger over his termination motivated the attack. He now faces serious federal consequences. U.S. District Judge Lee Rosenthal is scheduled to sentence Schultz on January 30, 2026. He faces up to 10 years in federal prison and a maximum fine of $250,000. The FBI led the investigation, with Assistant U.S. Attorneys Rodolfo Ramirez and Michael Chu prosecuting the case.
Broader Implications
This case highlights the critical importance of immediately revoking system access for terminated employees, particularly those with administrative privileges. It serves as a stark reminder for organizations to implement robust access control measures and to monitor for unauthorized access attempts, especially following personnel changes.
