- Massachusetts Attorney General Tom Reilly has filed charges against a Middleton, Massachusetts, woman, accusing her of hacking into her former boss' computer system and forwarding confidential emails to former co-workers.
According to a statement issued by Reilly's office, Wendy Sholds, 38, faces two counts of unauthorised access to a computer system. She is scheduled to be arraigned July 1 in Salem District Court.
The charges against her stem from an incident at Middleton-based Business Travel International (BTI) in February, Reilly's office said.
At that time, two BTI employees reported that they had received an email that appeared to have been sent by the company's CEO, according to Reilly. The email allegedly contained actual correspondence between the CEO and a company vice president discussing the termination of the two employees, Reilly's office said.
An investigation by Massachusetts State Police assigned to Reilly's office and the Boston Computer Crime Unit, found that the CEO had not sent the email to the two employees. Through the investigation, the law enforcement agencies found that Sholds had allegedly used the CEO's username and password to access her BTI email account and then forwarded the message to the two employees.
The attorney general's office said Sholds also allegedly used the vice president's username and password to access private information on the password-protected BTI website.
Sholds couldn't be reached for comment today.
John Grossman, chief of the Attorney General's High Tech and Computer Crimes Division, which is handling the case, said Sholds could face 30 days in the state House of Corrections if convicted of the misdemeanor crime.
Reilly's office has filed legislation to increase the penalties for hacking, but the bill has not yet been acted on by the state Legislature, he said.
Under that measure, anyone convicted of a serious hacking incident such as breaking into a pharmacy's computer system, downloading customers' personal information and posting it to another website, could be sentenced to up to five years in state prison, Grossman said. Such a crime would be considered a felony.
Someone convicted of a lesser, misdemeanor hacking offense such as unlawful trespassing could be sentenced to up to 2 1/2 years in prison. Currently, Grossman said, both such crimes are considered misdemeanors and thus subject to the maximum penalty of 30 days behind bars.
"These statutes were passed in the early '90s, when no one envisioned [what's happening now], and the state didn't comtemplate the damage that could be done," Grossman said.