
An IT worker was sentenced to custody for cybercrime committed as an act of revenge against his former employer, launched just hours after his suspension. With the intent to impair the operation or hinder access to a computer, Mohammed Umar Taj, 31, from Huddersfield, England, began targeting the firm’s IT system.
He was suspended in July 2022, after which he exploited the privileged system access he had retained from his time as an employee.
Acting as an insider threat, Taj illegally accessed the company’s premises and changed login credentials. The following day, he modified access permissions and tampered with the company’s multi-factor authentication setup, disrupting communications with the firm’s clients in the UK, Germany, and Bahrain.
He also recorded himself narrating the malicious activities on his phone. The recordings were recovered by the West Yorkshire Police Cyber Team during their investigations.
His actions resulted in over £200,000 in business losses and inflicted reputational damage. Taj appeared before Leeds Crown Court on June 26, 2025, where he was sentenced to seven months and 14 days in custody.
“By doing this, he created a ripple effect of disruption far beyond the shores of the UK,” said Detective Sergeant Lindsey Brants of West Yorkshire Police’s Cyber Crime Team. “We urge all businesses to look at their network security,” Brants added.
The Taj case reflects a growing concern around insider-driven security breaches, incidents that are especially dangerous due to the attacker’s familiarity with internal systems.
“When considering insider threats, both outcomes and intent matter,” said Dr. Margaret Cunningham, Director of Security & AI Strategy at Darktrace. “Malicious insiders act deliberately to harm the organization—engaging in sabotage, theft, or fraud—and each of these comes with its own risk signature.
This is why we need to contextualize behavior, track deviations over time, and prioritize signals from high-risk individuals like ‘potential leavers.’”
In Taj’s case, the combination of physical access, technical permissions, and personal motive made the breach highly impactful. According to Ken Dunham, Cyber Threat Director at Qualys, this kind of risk is particularly difficult to prevent. “Insider risks are inherently more likely to cause significant damage to an organization,” Dunham said.
“An individual often knows when and where to strike—and how to bypass controls. The rise of AI tools internally only adds to the threat, enabling insiders to conduct reconnaissance and exfiltrate data unless strong DLP and LLM input controls are in place.”
The incident has also highlighted the importance of zero-trust architecture, particularly in managing privileged access. “Insider threats are among the most challenging for IT teams,” said Darren Guccione, CEO of Keeper Security.
Reinforcing Detective Sergeant Brants’ message, Guccione explained, “Organizations need to adopt least-privilege access strategies and routinely audit who has access to what. Privileged Access Management (PAM) solutions and periodic session monitoring are critical in reducing the blast radius of insider breaches.”
The delayed detection in cases like Taj’s often results from fragmented monitoring and trust-based access models. “Cybersecurity professionals define insider threats as risks from those who already have authorized access—but misuse it,” said Jason Soroko, Senior Fellow at Sectigo.
“Hybrid work, GenAI adoption, and complex IT environments make these threats harder to detect. Recovery is costly—ranging from system restoration and legal fees to loss of customer trust.”
Mohammed Umar Taj’s case is a reminder that insider threats are not theoretical; they are operational, emotional, and financially damaging. It also underlines the urgent need for organizations to shift from reactive cybersecurity to behavior-informed, zero-trust models that account for human risk as much as technical flaws.