Credit Union Identified in Fired Employee IT Revenge Case

Juliana Barile, who deleted more than 21 gigabytes of data as an act of revenge when fired from her job, was employed at the $7.9 million Penn South Federal Credit Union in New York City.

When prosecutors announced Barile pleaded guilty to one felony count of computer intrusion last month, they did not identify the credit union, her title or for how long she worked there. Court documents only identified the credit union in New York, N.Y., “an entity the identity of which is known to the United States Attorney” of the Eastern District of New York based in Brooklyn.

Customarily, credit unions are identified in federal court documents when they are victimized by criminals or those charged with crimes committed against financial institutions. However, in this case, federal prosecutors and the U.S. Attorney’s office did not respond to CU Times’ request to explain why the credit union’s identity was not disclosed in any court documents, including the information document that detailed Barile’s crime, the plea deal, a press release and a 60-minute transcript of the court hearing on Aug. 31 when the former employee pleaded guilty.

A source who spoke on the condition of anonymity, noted that Matthew Barile, who is believed to be related to Juliana Barile, has served on Penn South’s board of directors since at least 2012, according to its NCUA profile reports.

From June 2012 to December 2017, Matthew Barile served as Penn South’s board chair, and in 2018 and 2019, he was the board’s vice chair. The credit union’s 2020 profile report showed that Matthew Barile was a supervisory committee member and remained on that committee through the end of the March 2021. He was not listed as a board member or as a supervisory committee member, according to Penn South’s profile report filed with the NCUA at the end of the second quarter.

Penn South’s part-time President/CEO Robert Pillartz did not respond to three phone and three email messages requesting comment.

Juliana Barile’s attorney declined comment when reached Thursday.

Two days after she was fired on May 19, she remotely accessed the credit union’s file server from her Brooklyn home, and within 40 minutes, she deleted more than 20,000 files and 3,500 directories, totaling 21.3 gigabytes of data, according to court documents.

The deleted data included files of mortgage loan applications and the credit union’s anti-ransomware protection software. Barile also opened confidential files, including documents containing board minutes of the credit union.

“In an act of revenge for being terminated, Barile surreptitiously accessed the computer system of her former employer, a New York credit union, and deleted mortgage loan applications and other sensitive information maintained on its file server,” Acting U.S. Attorney Jacquelyn M. Kasulis said in a prepared statement when Barile’s guilty plea was announced on Aug. 31.

Penn South’s loan portfolio listed 172 real estate loans/lines of credit worth $5,339,847 and seven unsecured loans/lines of credit worth $122,812, according to its June 30 Call Report. Additionally, the credit union’s previous Call Reports showed that Penn South exclusively provides mortgage loans and listed no other loans in its portfolio for new or used vehicles, student, credit card, personal or payday alternative loans.

On the day Barile was fired, someone at Penn South requested from its IT support firm that it disable her access to the credit union’s computer system, but it was not disabled, according to court documents.

Although Penn South did back up some of the data that Barile deleted, prosecutors said the credit union has spent more than $10,000, so far, to remediate the IT issues.

Even though prosecutors said in a press release that Barile can face up to 10 years in prison, transcripts of her plea hearing indicated that prosecutors are expected to recommend a prison sentence of six to 12 months.

During the court hearing, Barile made the following statement: “On or around May 25 of 2021, I logged into the credit union’s computer with my credentials and deleted shared files. This occurred after termination, when I did not have authorization to log in or touch any of the information. I am guilty of the charges and I’m pleading guilty to it.”

Barile’s sentencing hearing has not been scheduled.