Former Disney Employee Engages in Malicious Activities, Including Tampering with Allergy Information and Inadvertently Disclosing Confidential Colleague Data

A former employee of a prominent entertainment company has been sentenced to three years in prison for committing computer fraud and aggravated identity theft following a digital sabotage campaign aimed at the organization. The individual is also required to pay restitution amounting to nearly $688,000.

The accused, who previously held the position of menu production manager at a major theme park, initiated his campaign after being dismissed for misconduct in June 2024. He gained unauthorized access to the internal menu creation system utilized by the park’s restaurants and deliberately misrepresented certain food items as allergy-safe, despite the fact that they were not. This included mislabeling foods containing peanuts as peanut-free, a hazardous alteration for individuals with allergies. Additionally, the perpetrator manipulated wine region labels to reference locations associated with recent mass violence.

Further tampering included price alterations, the insertion of obscene language, redirecting QR codes to a site promoting a boycott related to geopolitical issues, and changing the font style to Wingdings—a symbolic font that complicates readability.

Fortunately, the company was able to identify the unauthorized changes prior to any customer exposure.

Scheuer’s actions extended beyond menu alterations; he deployed an automated bot to engage in repeated login attempts on at least 14 employee accounts, effectively locking out staff members and rendering their accounts inoperable. Investigators subsequently discovered a folder on his computer containing personally identifiable information (PII) of various employees. This practice, known as “doxing,” involves the collection and public exposure of personal information to intimidate or harass individuals.

After his arrest in October 2024, the individual pleaded guilty and expressed regret over his actions; however, prosecutors advocated for a 70-month sentence given the severity and implications of his conduct.

His legal counsel noted that the defendant remained remorseful and apologized to all affected parties, while also emphasizing that the court took their arguments into consideration, resulting in a sentence significantly shorter than what the prosecution sought.

Several cybersecurity lapses were evident during this incident:

– The organization should have promptly disabled the accounts associated with the disgruntled employee, particularly as the circumstances surrounding his termination were contentious.

– Despite using a VPN, the individual’s range of IP addresses remained consistent with those used during his employment, which should have raised alarms.

– The decision to utilize the Wingdings font disrupted the menu system to such a degree that it inevitably facilitated detection of the tampering.

– Mislabeling food items to falsely indicate they were free of allergens posed potential life-threatening consequences.

This case underscores the critical necessity for robust cybersecurity measures and the importance of proactive response strategies to mitigate potential internal threats.