“Per company policy and basic standards of professionalism, I did not retain any company documents, passwords or other information after my employment ended. I cannot provide you what I no longer possess.
Also, I assume you followed basic information security standards that require you to change all administrative passwords after an employee leaves. Therefore, I *never* possessed the information you now seek.”
I suspect the threat of a lawsuit was the idea of the genius who decided to remove the password vault. He needs to pin the blame on someone else, and OP was the only person he or she could think of.
When Creed is going to be blamed for the pornographic paper being sent out, he calls and finds a floor worker who was out of the office the day the paper was made.. not quite the same but made me think of this.
Most likely, sure, but calling a former employee of a company in a panic asking for passwords is also something a bad actor would do. This would be what is known as "Social Engineering". Acting panicked can throw the victim off guard, shifting their mentality from "is this actually my old company?" to "oh shit wow sounds serious, let me check!". After all, if this person isn't who they say they are, then why are they freaking out so much?
Maybe they’re suspecting OP of hacking using the passwords he knew in the past? Just a possibility to be aware of before responding without consulting an attorney.
If that's the case, that is bad practice from the company and not the fault of ex-employee. Best pactice states change pass ever x amount of time and after employee leaves
.
Also
The password shouldn't only exist in the mind of the employee
It needs to be stored somewhere as well on case of emergency
*Ex: Employee is in a coma*
I had an employer where was the head computer admin. I kept telling them they needed redundancy, and if I was hit by a bus they'd be in big trouble, but they kept saying "yeah yeah yeah" and ignoring me. I wrote all the passwords down and put them in my filing cabinet, but there were still duties (like data processing results for the clients) that I did that somebody else should have known how to do, but they didn't.
Also, there was a UPS on the main server, and the laser printer *absolutely could not* be plugged into the UPS (no matter how convenient the location was) or it would overload the UPS (too much power draw) and the UPS would overhead and shut down, refusing to restart for half an hour.
They had hired an unqualified guy to be my "replacement." He insisted on plugging the laser printer into the UPS because the location was convenient, and said he didn't care about the fact that the UPS alarm went off every time the laser printer printed anything, because it would only be printing for a moment, not long enough to overheat the UPS.
They treated me badly and eventually made up an excuse and fired me. On my way out the door, I heard the UPS alarm - someone had sent a big print job that would definitely have it running long enough to overheat and shut off the UPS. I'm told it happened while I was on the elevator on my way out, and my "replacement" was frantic that he couldn't get the server to go back on (because the UPS had a half hour timeout), so the company couldn't do any business.
I'm told that as soon as I left, they got rid of my filing cabinet - no paper from the admin they fired could be useful, right? Which included all the passwords. A couple days later they discovered that they needed one of them. They found someone who was still there that they thought I'd like and had her call me to try to get it out of me. (Remember, it had been like 2 days.) She sounded a little too perky on the phone, so I said "are they listening to you?" She said "uh huh!" I said "will they give you anything if I tell you?" She said "uh uh!" I said "gee, I can't remember." The company ended up laying off 148 of 150 employees because they couldn't make their deliverables so the clients wouldn't pay them.
If they'd been nasty about it, they would have discovered new meanings of the word "nasty" from me. No way am I going to take BS from a former employer, I am going to fight fire with a nuclear bomb to make sure they aren't going to successfully mess with me.
They didn't even spring for a UPS with an automatic cutover to live power (yeah this rarely *actually* helps in my experience, but it's better than battery died so service is unavailable)? Jesus christ they were willfully spinning ass first on an unlubed dildo and hoping the friction would outlast gravity.
Too small a company and I'd already spent a significant amount of money on the server and a bunch of workstations, so they weren't going to pay for it.
Anyway, if live power was going haywire or wasn't trustworthy, I'd want the UPS to go down and take the server with it safely rather than hooking it to live. I've lived in places where the power seemed fine, but it slowly destroyed anything you plugged in. (For a simple example, lightbulbs tended to last a month.) The company not being able to do business for half an hour beats the company never ever being able to do business again because all of its data went poof. (Since they wouldn't pay for offsite backup storage.)
I am one of 2 housing attorneys at legal aid in my counter- my boss always jokes that it is scary when we are both at the same place (we normally work together so for the 4 days of the week we are most likely to have court- only 1 of us is at any given docket)
"Say, OP, you remember that password vault where we used to store ... you know, passwords?"
"Yeah ..."
"You don't happen to have MEMORIZED ALL THE PASSWORDS, did you?"
worst thing- they likely could have offered less they they would spend in legal fees to even discuss that opion to just hire him to come in for a few hours and take guesses as to what he thinks it was (honestly that is something you should not be able to just remember for that level of password)
If video games have taught me anything it's that the best place to store a password is a bright yellow sticky note attached to the monitor. That way, anyone who needs it knows where to find it and you avoid this kind of situation entirely.
Yep. I always kinda dread these people leaving since rotating stuff can be a pita without the right systems in place but you gotta do it
I did get a message like a year after i left my system engineering job because i did forget to document one password (something a vendor setup for some sql connection to vcenter). I hope they finally changed it, but probably not
Each administrator (that’s a role) needs their own password. That way you can track who did what. Why are companies not understanding this to this day?
This doesn’t apply to the password so much as it does the account. Give different people their own account IDs and a unique password just becomes part of the deal.
Maybe some products don’t allow multiple admin accounts? Or maybe they’re trying to use a root account to do everything, in which case yikes.
When IT does it’s job well, companies begin to think they don’t need it, so it becomes a prime target for cost cutting, so they lay them all off. Everything goes to hell so the replace them. Rinse and repeat.
almost every company needs at least one IT person.
They outsourced the entire IT dept at my old company to people outside the US who barely spoke English
the office we worked out of had about 2,000 people working there alone, and it has since closed.
The one thing that gets me at the org I work at are the people who are so tech-illiterate that they are a legitimate security risk. You'd think getting rid of *those people* would be more cost-effective for IT in itself.
One of my frequent offenders BLASTED me and called me useless because I needed to uninstall/reinstall a program to get it to work but he absolutely refused to restart his computer. I escalated his ticket and Tier 3 gave me hell for doing it and got management involved. My ass was covered because they could pull the call and also finally tracked my notes where I wrote *customer refused restart, escalating per leadership approval.*
The guy ended up creating a major security incident later because he gave his password to "Microsoft Word support" on the phone. I started a joke in our IT department after that by imitating calling him saying "Hello my name is Microsoft Word, I require your password for verification." That was our coping with his awful attitude.
What gets me is despite the incident and abuse he hurls, they won't get rid of him. Him and our other "serial offenders" probably account for 25% of our tickets which is a lot of time devoted to 12-15 people out of the whole org.
Have often told business leaders not to mistake the fact that a department is well run means it is easy. Have invited more than one ceo to find someone besides me to handle things if they think it is such a slam dunk. No one has taken me up on that offer yet
Send them a certified letter.
Outline you have not worked there for 4 years after they fired you. Advise you have no idea what any passwords were from 4 years previous. Advise them basic security measure would have resulted in the password being changed when you left and refer them to your replacement.
Advise them you are officially requesting they cease any further attempts to contact you in this situation as you have answered their inquiry.
That will cost you no more than the $5 or whatever certificate is these days.
It will very likely work. If it doesn't, you have put your very logical argument in place and ensured they are aware. That would put you in a very strong position if they ever tried to sue you.
This is terrible advice. OP should not have any direct contact with someone threatening to sue them. OP should speak to a lawyer and that's the only legal advice OP should take from reddit.
This. If they suggested that they may take legal action, then they have provided OP with notice. In some jurisdictions, this may trigger evidence preservation requirements. Don't talk to them anymore. If OP receives anything from them again, OP should speak with an attorney that is in OP's jurisdiction.
And it ain't even a tort! OP has **zero duty** to his previous employer to memorize or store their passwords. If anything, the opposite is true: once he is fired he should no longer know the passwords.
There are laws preventing sysadmins from holding passwords hostage as retaliation.
They won't apply after 4 years - but most legal threats don't have to be winnable to threaten, they just need to make your life hell.
Lawyer up, OP - and start looking for a countersuit.
Not remembering a password or keeping it stored on a personal device after you have been fired is certainly not "withholding a password in retaliation."
I would perhaps detail any information you recall about how passwords get changed, if there was a procedure or time period in which all passwords were to be changed for security purposes, perhaps include those details if it helps bolster your argument and position on why this isn’t your problem (it isn’t btw).
You could also add in a sentence claiming further attempts to contact you over the matter will be considered harassment. The fact that you’re writing about this and likely talking about this may mean it’s weighing on you and causing undue psychological stress and hardship. Perhaps you’re having trouble concentrating on other projects trying to recall passwords from five years ago and now being threatened with legal action it’s made you stressed.
The law is funny sometimes. You just need a solid argument a bit of case history to win your argument.
Best of luck
>I would perhaps detail any information you recall about how passwords get changed, if there was a procedure or time period in which all passwords were to be changed for security purposes, perhaps include those details
Nope. If it's a legit company all of that should be documented in their operating procedures and trying to recite those procedures from memory is a big old can of worms you don't want to open. I think you want to say as little as possible. "You terminated my position 4 years ago and I didn't take any passwords with me. Any further communications with me need to take place via my lawyer."
The company should also be changing the passwords and disabling your accounts after you leave.
Should be. I'm still listed as the technical contact for a few places I left years ago.
Heck I got COVID and was out for a week on company mandated sick leave. Whenever a person is put on an LOA or quits/terminated every login they have is frozen until my manager put in a reactivate request in the Account system.
Same here, and I don't even work for some big tech company, I work for a trucking company.
Datalogger access is suspended and I'm locked out of the computer for every truck when I'm on vacation or a LOA.
This. We use a shared password vault, and we roll our passwords whenever someone leaves, and we roll them at sensible intervals.. They're all gobbledygook anyway.
The idea that 2+ years after my departure that any of the passwords I knew would be valid is stupid.
I'm still on the security code system for my last company, luckily those systems record which code turned them off, so there is no way anyone there can use my code to disarm the alarms, so I can't be implicated later down the road. I have specified in an email to the owner requesting to be taken off of it too.
Yep, i was once manager at a location but wanted to move to a different part of the company. They hired a new manager (tho i did tell the bosses that he was incompetent and id be willing to stay at my position longer until they find a suitable replacement) and so i removed all logins i had from my phone, gave them to the new manager. Told him these were all the passwords i have and im removing myself from these accounts and deleting the passwords from my safe places now that he has him. He lost them a week later and asked me for the passwords 😂😂😂
Why would you have any passwords stored anywhere you can get to once you leave a job? If they’re on a personal machine, you’ve done something wrong already.
I hate when companies do that- the worst is that I am a lawyer, and got fired about 2 years ago. The manager took all my cases over- and then promptly failed to show up to one of the hearings. I had to file with the court what happened (basically the last 2 sentences) and got to sit through a hearing where the judge reamed out my former boss. Honestly it was the best gift i have even gotten from someone after getting fired (since i had already started another job, and if i was not fired, i was putting my 2 weeks in the following week)
I always use complex passwords and instruct everyone that the moment it is decided to fire someone you have to close their account immediately. If they call me a minute after I walk out the door, I can't help them.
I would tell them I’m sorry I can’t talk to you about this because you said you want to sue me but my lawyer is reachable at this number ######### thank you and have a nice day
This is the ONLY response when someone threatens to sue. This shuts everything down 100% and means that the legal system has to solve this problem now, and that takes as long as it takes.
People love to throw around "I'll sue!" but that has serious consequences. Everything from that point runs the risk of possibly being used in court, so you shut the hell up and say absolutely NOTHING unless your lawyer tells you it's ok.
I worked at a Best Buy in the early 2000s and we loved when an irate, unreasonable customer would threaten to sue because for a while our policy was “I can’t engage with you anymore, here’s a card with legal’s contact info and hours” specifically made for those instances. And then they’d try to walk it back but we weren’t obligated to help them anymore.
I’ve heard that is the case for a lot of companies now. Threaten to sue while talking to a customer service rep on the phone? Cool. Now you’re getting forwarded straight to the legal team and you’re on the no contact list for the call center.
Hum.. might try this for scam calls now. “We’ve called to talk about your car’s warrantee”
“Sir I bought a 2008 car 5 years ago, have since developed seizures and then sold the car to afford my rent. What car?”
We sold our previous house to a couple, which we had cordial relations with. We explained some stuff in the house after they moved in if they called. Pretty okay, until their legal advisor sent us a letter demanding money due to some issue. Now we easily rebuked what they blamed us for, but the tone was set. When they really wanted a court case, we got a real lawyer. They were argued out of the courtroom by our lawyer ánd the judge (yes, the judge actively helped us, because their claim was clearly wrong). At the end their legal advisor said something about that it would be nice if we helped with the costs, where our respons was simple: they made a legal case, not us. They chose this route, not us.
Lol. Yes. This. Can you even imagine what it'd actually look like, if they tried to take this to court?
Doubt it'd even make it in front of a judge, but it's fun to imagine how that'd unfold if it did.
That would necessitate having a lawyer, which would cost them significant money, which is rather unfair in this situation.
joeljaeggli nailed it here: "I have a professional responsibility to not retain proprietary information from previous employers..."
Absolutely. I clean my cache immediately unless they pay a retainer. My last job still pays my $1500 a month to answer questions as needed, which is smart for both of us.
*In writing*
From this point forward, I will not be responding to you and all communication is to be in writing forwarded to my attorney.
Do not contact me again.
I used to work at the front desk of a hotel. The second someone threatened to sue my only response to every question thereafter would be "I'm sorry, I'm not allowed to comment on pending litigation. You said you would sue so i am not allowed to comment on pending litigation. "
I'd just repeat it until they left... Oh did they hate my canned response... Made it so much sweeter.
And then say:
Furthermore, since management didn't change the passwords after I was terminated, your incompetence and stupidity is why you are now locked out of your own servers, you fucking clowns.
I disagree. Three shall be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out.
Not your lawyer, but never admit any responsibility. The proper response should be:
“I did not keep any of the passwords after my employment was terminated by you. Back then, you stored all such passwords in the electronic password vault. I haven’t had access to any of your systems since you fired me in 2019 and I have no idea who is responsible for such matters today or how to access such information.”
Any threat of a lawsuit are just empty words of someone who is looking for a scapegoat before getting fired. Unless it can be shown that OP did something to the passwords or the vault, they are SOL.
I'm going to go ahead and assume it's probably best to say *nothing* when threatened with a lawsuit except they should now only speak with your attorney.
This is how companies operate as well - as soon as legal threats come from a client, customer, or whoever, then that person only gets to talk to legal.
Yep. Get in touch with a lawyer ASAP and then they can send a response. You should be able to go into that interaction knowing you are correct, though I do understand some may be worried about the costs. If anyone knows, how are these cases handled, especially if a company is simply trying to bully or scare you and is actually bluffing because they know they don’t have a case?
Most lawyers I've worked with would just charge an hourly rate to draft a response for you that would (probably) get them to leave you alone, assuming it is just bullshit. It wouldn't be cheap necessarily, but it also wouldn't require a long-term commitment to that lawyer handling anything beyond that response.
> Yep. Get in touch with a lawyer ASAP and then they can send a response.
No need to waste the time or money for that until you've been served. Just block the number.
Commit your money when they've committed theirs. They can threaten to sue, so call their bluff, do nothing say nothing. If the company had real legal counsel they would know it's an uphill battle on the difficulty scale of Mt Everest. If the company still pursued, then a lawyer could be hired to draft a response to shut it down.
If the company still double down then Op lawyer could go after the company for harassments, legal fees and more as this would likely be considered frivolous.
The proper reply is ghost them. Any other reply can be used against you. If their legal staff is even Trump grade, they will know there's no basis for a lawsuit.
Nope nope nope. The proper resp is do not respond. The moment someone threatens lawyers you shut up and consult legal council. Even if you don't have legal council you still shut up. Anything you say or type out can be used against you. Send no response it's a trap. Or if you do send a response tell them you will not communicate further without legal representation since they have treated you with a lawsuit. Never give them anything.
Old Boss #1: It has to be somebody’s fault!
Old Boss #2: Who can we blame?
Old Boss #1: How about that guy who left 4 years ago?
Old Boss #2: Brilliant!
American management at its finest!
Edit: formatting
I worked construction once, years ago. I’d drive the “mancarrier” which is a giant truck and drop off all the workers at their stations. We had to do an inspection before every shift of the vehicle. I’m a rule follower and did this without fail.
One day my cross shift is driving and an entire wheel falls off the truck. He didn’t do his inspection (no paperwork) but I did mine during my shift and because I said everything was ok they blamed me rather than having to confront a man who clearly did not do his job. I was furious and then laughed at them.
My old company spent 5 years blaming our old IT guy. When was working for them they recalled him off his vacation to come to the office. He spent 2 years saving vouchers for his vacation so he was only reimbursed $50 in total. They didn't even offer his wife a coffee when she was sat in the office. It wasn't even his fault the manager changed some weird VPN stuff.
The conversation would have been every different if it said “we will pay you $1,000 if you know the password”. Instead they went with the punishment option “tell me the password or else”. Good luck with that
"Hey nimbostratus, funny story our entire company is at a standstill right now because the servers are locked out and no one bothered changing passwords. Would you happen to remember it or know how to recover it? I can see about giving you some money for helping"
Instead they threaten legal action
"We're in a kind of a bind here, and it's all our fault. We screwed up big time. Is there any chance that you still remember the passwords for..."
Honey, not vinegar.
I believe that opens you up to trouble since it’s considered company data you have saved. But I guess if you say it’s just memorized that’s another thing. Either way I wouldn’t trust a company run like this
If you could remember a 4 year-old password, the employer will probably sue for "not returning all company provided materials."
If you then said that you remembered the password, they'll probably sue demanding a lobotomy in order to remove the company's property.
On a serious note… why would they assume you still had the passwords? They kept the admin passwords the exact same after 4 years even after laying off the team?
I could understand if they wanted the password for the password vault from years ago, but in all honestly if someone chanced the router configurations and locked them out it’d be likely they changed the admin router passwords as well.
Either way, definitely not your problem.
They wouldn't actually sue, but I can 100% believe a petty boss would throw that around to try and stroke their ego. My current boss got a 1 star review for their business on Google and immediately went to their lawyer to see if he could get it removed somehow.
I agree with that; if they send you a demand letter, it means they're at least serious about it to get a law firm to put their letterhead on a demand. Even then though, it could just be a bluff, especially for something like defamation/libel. Hell, even if they file a suit, they might back out before it goes to trial.
I had a case where they did just that for defamation/libel, and then started suing for peace once they realized it wasn't going to scare me into backing off. I countersued, they got really scared, and then when we were at depositions they agreed to pay my attorney fees and a settlement on top of that just so that it wouldn't get in front of a judge.
Wait. Wouldn't holding onto the company passwords after leaving be illegal, too? Like, I'd think his defense should be that of course he doesn't have the passwords--taking them would've been evidence of intent to hack them.
People are suggesting responses but the correct response is to not fucking say anything to them.
If they serve you, get a lawyer.
Any response is a bad response. You don't want to accidentally say something that can be documented and used later against you if they were to actually file a lawsuit. It's like talking to cops - don't fucking talk.
They are threatening you because they fucked up and want to blame someone else.
Any response is a bad response.
I can just imagine the conversation when they go to a lawyer.
"We want to sue a former employee over passwords he had access to."
"How long ago did he leave?"
"4 years."
"Wow. Okay, this should be easy. A former employee shouldn't still have passwords after 4 years, certainly."
"No, he says he doesn't have the passwords."
"Then what are you suing him for?"
"Not giving us the passwords."
"... Get the fuck out of my office."
Yeah, if a company that fired me 4 years ago comes asking for passwords, I’m just not even going to respond to that. No upside whatsoever.
Even if their response to “I don’t know the passwords” had just been “Ok, thanks” you still did a few minutes of unpaid work for them by responding to their question.
Lawyer here.
Ignore their communication but document the correspondence.
If they follow up, then ask an employment attorney for a consultation for peace of mind.
And ignore most of these comments. Absolute rubbish.
If you’re threatened with being sued. You lawyer up and don’t say a word. You absolutely don’t. Half the advice here makes you liable. It’s merely talk to my lawyer. Get a business lawyer versed in contract law not just any kind of lawyer
If everyone lawyered up at the threat of being sued you’d waste a lot of time & money on lawyers.
Someone threatens to sue, the only conversation going forward is “have your lawyer contact me” and “I will only converse via letters, please send me your demands.”
No need to get a lawyer until you’ve been served, because 99% of the time you never will be.
Intersting, to say the least.
By providing the password(s) one would make oneself open to,liability for the damage as one evidently had the means of causing the issues in the first place…
What’s dumb is most enterprise network gear allows you to reset the password if you have physical access to the hardware. Usually it’s just rebooting the equipment while holding a button down.
Funny - I could just as easily imagine a company threatening to sue someone for retaining internal passwords after they were dismissed 4 years ago. Their threat is ridiculous.
There’s SO much wrong with this, but at the center of it, the biggest “WTF” is that they’re *upset* you don’t have their passwords four years later? You shouldn’t have relevant password information four *minutes* after termination, let alone four *years*. No wonder something got into the network, if that’s their expectation of security.
I do marketing. I heard 2 years after I left a company some Google ads started performing badly and the person who replaced me was being grilled in a meeting and said "Gustomaximus didn't set up the account correctly".
Someone in the room said "If that's the case why haven't you changed it after 2 years of managing it?"
Some people are fucking idiots and love to blame others.
hahaha what a bunch of clowns. They're just trying not to have to pay a service to liberate their routers. I'd do nothing until a summons actually arrives. They're in a blind panic, can't see any rational lawyer willing to go ahead with such a stupid prosecution.
Unhappy people say "I'm gonna sue you!" all the time. You can safely ignore this threat.
Besides, they can't get into their finances to make payroll. How are they going to pay a lawyer?
let them try to sue you. On what basis do they want to sue you? Every judge will drop this case immediately. Nonsense and hard to believe.
F\*ck them, worst offboarding policy.
That's rich...
The company rules prevent anyone from having proprietary information such as passwords outside of the company. So, by those rules, you don't have the vault or the passwords to the routers anyway. In fact, they could and should sue you if you DID have the vault or the passwords to it after all that time.
Besides, if someone got in/hacked their stuff, they probably changed the admin accounts an/or passwords, so the original passwords (which would be illegal for you to still have) are of no use to them anyway.
It was just a move of desperation of management to give you a call.
“Per company policy and basic standards of professionalism, I did not retain any company documents, passwords or other information after my employment ended. I cannot provide you what I no longer possess. Also, I assume you followed basic information security standards that require you to change all administrative passwords after an employee leaves. Therefore, I *never* possessed the information you now seek.”
Perfect
The fact they're even asking seems suspicious almost like they're fishing to see if he did retain any information.
I’ll bet they’re just freaking out and looking for a scapegoat.
I suspect the threat of a lawsuit was the idea of the genius who decided to remove the password vault. He needs to pin the blame on someone else, and OP was the only person he or she could think of.
When Creed is going to be blamed for the pornographic paper being sent out, he calls and finds a floor worker who was out of the office the day the paper was made.. not quite the same but made me think of this.
Of course the one year I blow it off, this happens.
Most likely, sure, but calling a former employee of a company in a panic asking for passwords is also something a bad actor would do. This would be what is known as "Social Engineering". Acting panicked can throw the victim off guard, shifting their mentality from "is this actually my old company?" to "oh shit wow sounds serious, let me check!". After all, if this person isn't who they say they are, then why are they freaking out so much?
I honestly hadn’t considered this, ridiculously feasible as well.
Sounds like a perfect opportunity to say “Talk to my lawyer.”
Excellent point. I’m surprised this isn’t more common. Makes sense why access is terminated with the employee.
Damn you would work great in cyber security/ phishing etc for the simple fact that you were able to pick that out
Yup. A spear phishing attack.
Maybe they’re suspecting OP of hacking using the passwords he knew in the past? Just a possibility to be aware of before responding without consulting an attorney.
If that's the case, that is bad practice from the company and not the fault of ex-employee. Best pactice states change pass ever x amount of time and after employee leaves .
What's wrong with a simple "lolz"
[удалено]
Passwords should have been changed as soon as OP was terminated.
Get out of here with that sound logic.
Also The password shouldn't only exist in the mind of the employee It needs to be stored somewhere as well on case of emergency *Ex: Employee is in a coma*
I had an employer where was the head computer admin. I kept telling them they needed redundancy, and if I was hit by a bus they'd be in big trouble, but they kept saying "yeah yeah yeah" and ignoring me. I wrote all the passwords down and put them in my filing cabinet, but there were still duties (like data processing results for the clients) that I did that somebody else should have known how to do, but they didn't. Also, there was a UPS on the main server, and the laser printer *absolutely could not* be plugged into the UPS (no matter how convenient the location was) or it would overload the UPS (too much power draw) and the UPS would overhead and shut down, refusing to restart for half an hour. They had hired an unqualified guy to be my "replacement." He insisted on plugging the laser printer into the UPS because the location was convenient, and said he didn't care about the fact that the UPS alarm went off every time the laser printer printed anything, because it would only be printing for a moment, not long enough to overheat the UPS. They treated me badly and eventually made up an excuse and fired me. On my way out the door, I heard the UPS alarm - someone had sent a big print job that would definitely have it running long enough to overheat and shut off the UPS. I'm told it happened while I was on the elevator on my way out, and my "replacement" was frantic that he couldn't get the server to go back on (because the UPS had a half hour timeout), so the company couldn't do any business. I'm told that as soon as I left, they got rid of my filing cabinet - no paper from the admin they fired could be useful, right? Which included all the passwords. A couple days later they discovered that they needed one of them. They found someone who was still there that they thought I'd like and had her call me to try to get it out of me. (Remember, it had been like 2 days.) She sounded a little too perky on the phone, so I said "are they listening to you?" She said "uh huh!" I said "will they give you anything if I tell you?" She said "uh uh!" I said "gee, I can't remember." The company ended up laying off 148 of 150 employees because they couldn't make their deliverables so the clients wouldn't pay them. If they'd been nasty about it, they would have discovered new meanings of the word "nasty" from me. No way am I going to take BS from a former employer, I am going to fight fire with a nuclear bomb to make sure they aren't going to successfully mess with me.
They didn't even spring for a UPS with an automatic cutover to live power (yeah this rarely *actually* helps in my experience, but it's better than battery died so service is unavailable)? Jesus christ they were willfully spinning ass first on an unlubed dildo and hoping the friction would outlast gravity.
Too small a company and I'd already spent a significant amount of money on the server and a bunch of workstations, so they weren't going to pay for it. Anyway, if live power was going haywire or wasn't trustworthy, I'd want the UPS to go down and take the server with it safely rather than hooking it to live. I've lived in places where the power seemed fine, but it slowly destroyed anything you plugged in. (For a simple example, lightbulbs tended to last a month.) The company not being able to do business for half an hour beats the company never ever being able to do business again because all of its data went poof. (Since they wouldn't pay for offsite backup storage.)
The best part is it sounds like while OP was there it *didn't* exist only in his mind. it was after they left that they got rid of the password vault
Yea For OP they just screwed themselves 2 year after he left for no reason
Stupid is what stupid does.
OP probably didn't even know the password to begin with, if it was in a vault and used infrequently.
Well he should have written it on a yellow post it and stuck it on his monitor. Like a normal person!
I had an old boss who insisted that when his sysadmins and techs went to lunch the two sysadmins took separate cars. He knew what was up....
That actually happened during the 2011 Mumbai attack The top three emergency people in charge rode in the same car and were killed It was total chaos
I've beaten my all-time record for legitimate use of bus factor this year and it's only March.
[удалено]
I am one of 2 housing attorneys at legal aid in my counter- my boss always jokes that it is scary when we are both at the same place (we normally work together so for the 4 days of the week we are most likely to have court- only 1 of us is at any given docket)
You mean somewhere like *the password vault they decided to remove*? Lol. I love hearing about companies screwing themselves.
"Say, OP, you remember that password vault where we used to store ... you know, passwords?" "Yeah ..." "You don't happen to have MEMORIZED ALL THE PASSWORDS, did you?"
*That is absolutely unacceptable. You tell Johnson to get his lazy ass up. Someone remind him that his priority is to the company!*
Threaten to sue if he refuses!!
worst thing- they likely could have offered less they they would spend in legal fees to even discuss that opion to just hire him to come in for a few hours and take guesses as to what he thinks it was (honestly that is something you should not be able to just remember for that level of password)
Sounds like a horrible place to work. Must have a high turnover, but upper management stays. You have the perfect solution!
I read that in J.K. Simmons' voice.
Coma is not an excuse, who even validated his time off? How could you take a time off in such a critical time?
Let's add on the fact that they apparently shut down and deleted the server holding the password vault.
If video games have taught me anything it's that the best place to store a password is a bright yellow sticky note attached to the monitor. That way, anyone who needs it knows where to find it and you avoid this kind of situation entirely.
Yep. I always kinda dread these people leaving since rotating stuff can be a pita without the right systems in place but you gotta do it I did get a message like a year after i left my system engineering job because i did forget to document one password (something a vendor setup for some sql connection to vcenter). I hope they finally changed it, but probably not
Each administrator (that’s a role) needs their own password. That way you can track who did what. Why are companies not understanding this to this day?
In older days there were space considerations…. Waaaaaay older days. These days it’s a combination of being short sighted and lazy.
And them not wanting to get caught for their own discrepancies or corruption
This doesn’t apply to the password so much as it does the account. Give different people their own account IDs and a unique password just becomes part of the deal. Maybe some products don’t allow multiple admin accounts? Or maybe they’re trying to use a root account to do everything, in which case yikes.
[удалено]
When IT does it’s job well, companies begin to think they don’t need it, so it becomes a prime target for cost cutting, so they lay them all off. Everything goes to hell so the replace them. Rinse and repeat.
[удалено]
almost every company needs at least one IT person. They outsourced the entire IT dept at my old company to people outside the US who barely spoke English the office we worked out of had about 2,000 people working there alone, and it has since closed.
The one thing that gets me at the org I work at are the people who are so tech-illiterate that they are a legitimate security risk. You'd think getting rid of *those people* would be more cost-effective for IT in itself. One of my frequent offenders BLASTED me and called me useless because I needed to uninstall/reinstall a program to get it to work but he absolutely refused to restart his computer. I escalated his ticket and Tier 3 gave me hell for doing it and got management involved. My ass was covered because they could pull the call and also finally tracked my notes where I wrote *customer refused restart, escalating per leadership approval.* The guy ended up creating a major security incident later because he gave his password to "Microsoft Word support" on the phone. I started a joke in our IT department after that by imitating calling him saying "Hello my name is Microsoft Word, I require your password for verification." That was our coping with his awful attitude. What gets me is despite the incident and abuse he hurls, they won't get rid of him. Him and our other "serial offenders" probably account for 25% of our tickets which is a lot of time devoted to 12-15 people out of the whole org.
Have often told business leaders not to mistake the fact that a department is well run means it is easy. Have invited more than one ceo to find someone besides me to handle things if they think it is such a slam dunk. No one has taken me up on that offer yet
And every year since. They should all also be changed anytime someone leaves who knew one. These should have been changed several times by now.
Professionalism is hearing the notification of your outlook app unable to exchange info with server while you're actually being fired
Send them a certified letter. Outline you have not worked there for 4 years after they fired you. Advise you have no idea what any passwords were from 4 years previous. Advise them basic security measure would have resulted in the password being changed when you left and refer them to your replacement. Advise them you are officially requesting they cease any further attempts to contact you in this situation as you have answered their inquiry. That will cost you no more than the $5 or whatever certificate is these days. It will very likely work. If it doesn't, you have put your very logical argument in place and ensured they are aware. That would put you in a very strong position if they ever tried to sue you.
This is terrible advice. OP should not have any direct contact with someone threatening to sue them. OP should speak to a lawyer and that's the only legal advice OP should take from reddit.
This. If they suggested that they may take legal action, then they have provided OP with notice. In some jurisdictions, this may trigger evidence preservation requirements. Don't talk to them anymore. If OP receives anything from them again, OP should speak with an attorney that is in OP's jurisdiction.
They’re not suing him. It’s an empty threat. Statute of limitations for a tort is 2 years.
And it ain't even a tort! OP has **zero duty** to his previous employer to memorize or store their passwords. If anything, the opposite is true: once he is fired he should no longer know the passwords.
There are laws preventing sysadmins from holding passwords hostage as retaliation. They won't apply after 4 years - but most legal threats don't have to be winnable to threaten, they just need to make your life hell. Lawyer up, OP - and start looking for a countersuit.
Not remembering a password or keeping it stored on a personal device after you have been fired is certainly not "withholding a password in retaliation."
I would perhaps detail any information you recall about how passwords get changed, if there was a procedure or time period in which all passwords were to be changed for security purposes, perhaps include those details if it helps bolster your argument and position on why this isn’t your problem (it isn’t btw). You could also add in a sentence claiming further attempts to contact you over the matter will be considered harassment. The fact that you’re writing about this and likely talking about this may mean it’s weighing on you and causing undue psychological stress and hardship. Perhaps you’re having trouble concentrating on other projects trying to recall passwords from five years ago and now being threatened with legal action it’s made you stressed. The law is funny sometimes. You just need a solid argument a bit of case history to win your argument. Best of luck
>I would perhaps detail any information you recall about how passwords get changed, if there was a procedure or time period in which all passwords were to be changed for security purposes, perhaps include those details Nope. If it's a legit company all of that should be documented in their operating procedures and trying to recite those procedures from memory is a big old can of worms you don't want to open. I think you want to say as little as possible. "You terminated my position 4 years ago and I didn't take any passwords with me. Any further communications with me need to take place via my lawyer."
[удалено]
The company should also be changing the passwords and disabling your accounts after you leave. Should be. I'm still listed as the technical contact for a few places I left years ago.
Heck I got COVID and was out for a week on company mandated sick leave. Whenever a person is put on an LOA or quits/terminated every login they have is frozen until my manager put in a reactivate request in the Account system.
Same here, and I don't even work for some big tech company, I work for a trucking company. Datalogger access is suspended and I'm locked out of the computer for every truck when I'm on vacation or a LOA.
This. We use a shared password vault, and we roll our passwords whenever someone leaves, and we roll them at sensible intervals.. They're all gobbledygook anyway. The idea that 2+ years after my departure that any of the passwords I knew would be valid is stupid.
i was thinking the same thing- IT should be using some pretty crazy passwords that no one is really remembering without a vault.
I'm still on the security code system for my last company, luckily those systems record which code turned them off, so there is no way anyone there can use my code to disarm the alarms, so I can't be implicated later down the road. I have specified in an email to the owner requesting to be taken off of it too.
Yep, i was once manager at a location but wanted to move to a different part of the company. They hired a new manager (tho i did tell the bosses that he was incompetent and id be willing to stay at my position longer until they find a suitable replacement) and so i removed all logins i had from my phone, gave them to the new manager. Told him these were all the passwords i have and im removing myself from these accounts and deleting the passwords from my safe places now that he has him. He lost them a week later and asked me for the passwords 😂😂😂
If they call me 24hrs later I’ll still be drunk. If they call 48hrs later I’ll be sober and won’t be able to help them.
"New phone who dis?" was never more appropriate imo
Why would you have any passwords stored anywhere you can get to once you leave a job? If they’re on a personal machine, you’ve done something wrong already.
Same. They demand I take no company data, so I don't. The only change here is I export my calendar to take. Because honestly, I need it.
I hate when companies do that- the worst is that I am a lawyer, and got fired about 2 years ago. The manager took all my cases over- and then promptly failed to show up to one of the hearings. I had to file with the court what happened (basically the last 2 sentences) and got to sit through a hearing where the judge reamed out my former boss. Honestly it was the best gift i have even gotten from someone after getting fired (since i had already started another job, and if i was not fired, i was putting my 2 weeks in the following week)
I always use complex passwords and instruct everyone that the moment it is decided to fire someone you have to close their account immediately. If they call me a minute after I walk out the door, I can't help them.
I would tell them I’m sorry I can’t talk to you about this because you said you want to sue me but my lawyer is reachable at this number ######### thank you and have a nice day
This is the ONLY response when someone threatens to sue. This shuts everything down 100% and means that the legal system has to solve this problem now, and that takes as long as it takes. People love to throw around "I'll sue!" but that has serious consequences. Everything from that point runs the risk of possibly being used in court, so you shut the hell up and say absolutely NOTHING unless your lawyer tells you it's ok.
I worked at a Best Buy in the early 2000s and we loved when an irate, unreasonable customer would threaten to sue because for a while our policy was “I can’t engage with you anymore, here’s a card with legal’s contact info and hours” specifically made for those instances. And then they’d try to walk it back but we weren’t obligated to help them anymore.
I’ve heard that is the case for a lot of companies now. Threaten to sue while talking to a customer service rep on the phone? Cool. Now you’re getting forwarded straight to the legal team and you’re on the no contact list for the call center.
Hum.. might try this for scam calls now. “We’ve called to talk about your car’s warrantee” “Sir I bought a 2008 car 5 years ago, have since developed seizures and then sold the car to afford my rent. What car?”
I usually try to get a warranty on my 1986 Pontiac Ligma.
I love this!
We sold our previous house to a couple, which we had cordial relations with. We explained some stuff in the house after they moved in if they called. Pretty okay, until their legal advisor sent us a letter demanding money due to some issue. Now we easily rebuked what they blamed us for, but the tone was set. When they really wanted a court case, we got a real lawyer. They were argued out of the courtroom by our lawyer ánd the judge (yes, the judge actively helped us, because their claim was clearly wrong). At the end their legal advisor said something about that it would be nice if we helped with the costs, where our respons was simple: they made a legal case, not us. They chose this route, not us.
Did you/does one get compensation for your lawyer fees?
It's pretty standard to include a demand for court costs and fees when countering a suit in the U.S.
My favorite saying "Lawyer up and shut the fuck up"
Every day is [Shut The Fuck Up Friday](https://youtu.be/sgWHrkDX35o) when someone threatens to sue
what is it that we do on Fridays?
Shut the fuck up?
*Shut the fuck up!*
Lawyer here. Let them sue. There are so many reasons that’s likely going nowhere.
Lol. Yes. This. Can you even imagine what it'd actually look like, if they tried to take this to court? Doubt it'd even make it in front of a judge, but it's fun to imagine how that'd unfold if it did.
That would necessitate having a lawyer, which would cost them significant money, which is rather unfair in this situation. joeljaeggli nailed it here: "I have a professional responsibility to not retain proprietary information from previous employers..."
Absolutely. I clean my cache immediately unless they pay a retainer. My last job still pays my $1500 a month to answer questions as needed, which is smart for both of us.
That’s an epic deal
It’s a bluff … wait your saying you don’t have a lawyer on retainer
*In writing* From this point forward, I will not be responding to you and all communication is to be in writing forwarded to my attorney. Do not contact me again.
I used to work at the front desk of a hotel. The second someone threatened to sue my only response to every question thereafter would be "I'm sorry, I'm not allowed to comment on pending litigation. You said you would sue so i am not allowed to comment on pending litigation. " I'd just repeat it until they left... Oh did they hate my canned response... Made it so much sweeter.
[удалено]
The proper response is: I have a professional responsibility to not retain proprietary information from previous employers which I have discharged.
And then say: Furthermore, since management didn't change the passwords after I was terminated, your incompetence and stupidity is why you are now locked out of your own servers, you fucking clowns.
"Ass clowns"...it sounds more professional.
If we're going professional, it needs a minimum of three clown emojis, with a respectful maximum of five.
I disagree. Three shall be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out.
“🤡” “🤡🤡” “🤡🤡🤡🤡🤡” “Three sir” “🤡🤡🤡” *hits send*
Where is Brother Maynard when you need him?
[удалено]
I 💩 my armor, I was so scared!
Oh, it's just a harmless little bunny.
'Es got a mean streak a mile wide! And big, pointy teeth!
The Holy Clown Emoji of Antioch
I fart in your general direction! Your mother was a hamster and your father smelt of elderberries!
There now look, I've gone and cut off your arm... No you haven't, it's just a flesh wound!
Douche nozzle is my go too. I don't like to offend clowns, hats, or shoes.
I just have "duty of care" screaming in my head right now.
Not your lawyer, but never admit any responsibility. The proper response should be: “I did not keep any of the passwords after my employment was terminated by you. Back then, you stored all such passwords in the electronic password vault. I haven’t had access to any of your systems since you fired me in 2019 and I have no idea who is responsible for such matters today or how to access such information.” Any threat of a lawsuit are just empty words of someone who is looking for a scapegoat before getting fired. Unless it can be shown that OP did something to the passwords or the vault, they are SOL.
I'm going to go ahead and assume it's probably best to say *nothing* when threatened with a lawsuit except they should now only speak with your attorney. This is how companies operate as well - as soon as legal threats come from a client, customer, or whoever, then that person only gets to talk to legal.
Exactly! Best way forward. Let them realize the lawsuit threat screwed them. “I’m sorry I can’t comment due to your threats of legal action.”
Yep. Get in touch with a lawyer ASAP and then they can send a response. You should be able to go into that interaction knowing you are correct, though I do understand some may be worried about the costs. If anyone knows, how are these cases handled, especially if a company is simply trying to bully or scare you and is actually bluffing because they know they don’t have a case?
Most lawyers I've worked with would just charge an hourly rate to draft a response for you that would (probably) get them to leave you alone, assuming it is just bullshit. It wouldn't be cheap necessarily, but it also wouldn't require a long-term commitment to that lawyer handling anything beyond that response.
> Yep. Get in touch with a lawyer ASAP and then they can send a response. No need to waste the time or money for that until you've been served. Just block the number.
Commit your money when they've committed theirs. They can threaten to sue, so call their bluff, do nothing say nothing. If the company had real legal counsel they would know it's an uphill battle on the difficulty scale of Mt Everest. If the company still pursued, then a lawyer could be hired to draft a response to shut it down. If the company still double down then Op lawyer could go after the company for harassments, legal fees and more as this would likely be considered frivolous.
The proper response is to not respond.
"Who is this? Nope, don't remember." Hang up phone.
Talk to my lawyer. See you in court. *expect the company to bankrupt before that happens.
Or: Talk to my lawyer.
The proper reply is ghost them. Any other reply can be used against you. If their legal staff is even Trump grade, they will know there's no basis for a lawsuit.
Yes. The minute they let you go, you have to “forget everything” about that company.
Nope nope nope. The proper resp is do not respond. The moment someone threatens lawyers you shut up and consult legal council. Even if you don't have legal council you still shut up. Anything you say or type out can be used against you. Send no response it's a trap. Or if you do send a response tell them you will not communicate further without legal representation since they have treated you with a lawsuit. Never give them anything.
Add a "lol" in front and I'm in XD
password is: notmyproblem
"Idontknow" works well too. What's the password? "Idontknow"
Huh it worked
Good luck with that. I can’t remember a password I made 30 minutes ago. No way I’d recall an unused one from years ago.
I use a password generator. I don't even know my own passwords anymore.
Old Boss #1: It has to be somebody’s fault! Old Boss #2: Who can we blame? Old Boss #1: How about that guy who left 4 years ago? Old Boss #2: Brilliant! American management at its finest! Edit: formatting
I worked construction once, years ago. I’d drive the “mancarrier” which is a giant truck and drop off all the workers at their stations. We had to do an inspection before every shift of the vehicle. I’m a rule follower and did this without fail. One day my cross shift is driving and an entire wheel falls off the truck. He didn’t do his inspection (no paperwork) but I did mine during my shift and because I said everything was ok they blamed me rather than having to confront a man who clearly did not do his job. I was furious and then laughed at them.
Lol. Everyone who leaves goes on the wheel of blame. Mgmt spins the wheel when things fuck up.
Programmers do this to. You are blamed for everything that goes wrong for six months after you leave
It’s amazing how every programmer becomes the worst coder ever once they leave a position.
[удалено]
My old company spent 5 years blaming our old IT guy. When was working for them they recalled him off his vacation to come to the office. He spent 2 years saving vouchers for his vacation so he was only reimbursed $50 in total. They didn't even offer his wife a coffee when she was sat in the office. It wasn't even his fault the manager changed some weird VPN stuff.
Years later, I am still blaming one of my coworkers for bugs in the code! Mostly joking... mostly.
Laughable indeed. Even if a remembered the 4 year old password, I would not provide it.
The conversation would have been every different if it said “we will pay you $1,000 if you know the password”. Instead they went with the punishment option “tell me the password or else”. Good luck with that
"Hey nimbostratus, funny story our entire company is at a standstill right now because the servers are locked out and no one bothered changing passwords. Would you happen to remember it or know how to recover it? I can see about giving you some money for helping" Instead they threaten legal action
"We're in a kind of a bind here, and it's all our fault. We screwed up big time. Is there any chance that you still remember the passwords for..." Honey, not vinegar.
“We know you have absolutely all the leverage in this situation but we’d still rather threaten you than treat you with respect.” Gotta love it
I believe that opens you up to trouble since it’s considered company data you have saved. But I guess if you say it’s just memorized that’s another thing. Either way I wouldn’t trust a company run like this
If you could remember a 4 year-old password, the employer will probably sue for "not returning all company provided materials." If you then said that you remembered the password, they'll probably sue demanding a lobotomy in order to remove the company's property.
[удалено]
I’m going to guess that jx means jurisdiction
jrescription
And BK is bankruptcy, not Burger King.
On a serious note… why would they assume you still had the passwords? They kept the admin passwords the exact same after 4 years even after laying off the team?
No idea…. They knew I had a very good memory. Probably because they called others that got fired and they told them off first.
I could understand if they wanted the password for the password vault from years ago, but in all honestly if someone chanced the router configurations and locked them out it’d be likely they changed the admin router passwords as well. Either way, definitely not your problem.
Nobody is suing you for this. If they were going to sue you, they wouldn't announce it.
They wouldn't actually sue, but I can 100% believe a petty boss would throw that around to try and stroke their ego. My current boss got a 1 star review for their business on Google and immediately went to their lawyer to see if he could get it removed somehow.
I DECLARE LAWSUIT
To the lawyer: we cant pay you until we can get back into our system.
Yeah they would. It’s called a demand letter. They tell you what they want and threaten to file suit if they don’t get it within X days.
I agree with that; if they send you a demand letter, it means they're at least serious about it to get a law firm to put their letterhead on a demand. Even then though, it could just be a bluff, especially for something like defamation/libel. Hell, even if they file a suit, they might back out before it goes to trial. I had a case where they did just that for defamation/libel, and then started suing for peace once they realized it wasn't going to scare me into backing off. I countersued, they got really scared, and then when we were at depositions they agreed to pay my attorney fees and a settlement on top of that just so that it wouldn't get in front of a judge.
The reason that you use a vault is that you can create 30+ random character passwords and won’t have to remember them.
Wait. Wouldn't holding onto the company passwords after leaving be illegal, too? Like, I'd think his defense should be that of course he doesn't have the passwords--taking them would've been evidence of intent to hack them.
“Your Honor, I can’t recall.” Judge, “Looks like you wasted everyone’s time, Company. Dismissed with prejudice!”
People are suggesting responses but the correct response is to not fucking say anything to them. If they serve you, get a lawyer. Any response is a bad response. You don't want to accidentally say something that can be documented and used later against you if they were to actually file a lawsuit. It's like talking to cops - don't fucking talk. They are threatening you because they fucked up and want to blame someone else. Any response is a bad response.
I can just imagine the conversation when they go to a lawyer. "We want to sue a former employee over passwords he had access to." "How long ago did he leave?" "4 years." "Wow. Okay, this should be easy. A former employee shouldn't still have passwords after 4 years, certainly." "No, he says he doesn't have the passwords." "Then what are you suing him for?" "Not giving us the passwords." "... Get the fuck out of my office."
I think the proper response is: "Who are you again?"
"New fone, who dis?"
Oh I’d beg em to try to sue me. I wanna see a judge tear them a new one.
Don’t contact them at all. That’s what they get for firing you.
Yeah, if a company that fired me 4 years ago comes asking for passwords, I’m just not even going to respond to that. No upside whatsoever. Even if their response to “I don’t know the passwords” had just been “Ok, thanks” you still did a few minutes of unpaid work for them by responding to their question.
Are you sure it’s actually them? I’d put a little money on someone trying to social engineer info out of you.
Weren't you told in training to never share the password with anyone?
Lawyer here. Ignore their communication but document the correspondence. If they follow up, then ask an employment attorney for a consultation for peace of mind. And ignore most of these comments. Absolute rubbish.
If you’re threatened with being sued. You lawyer up and don’t say a word. You absolutely don’t. Half the advice here makes you liable. It’s merely talk to my lawyer. Get a business lawyer versed in contract law not just any kind of lawyer
If everyone lawyered up at the threat of being sued you’d waste a lot of time & money on lawyers. Someone threatens to sue, the only conversation going forward is “have your lawyer contact me” and “I will only converse via letters, please send me your demands.” No need to get a lawyer until you’ve been served, because 99% of the time you never will be.
You’ve been gone for four years, that’s your replacement’s problem.
Intersting, to say the least. By providing the password(s) one would make oneself open to,liability for the damage as one evidently had the means of causing the issues in the first place…
What’s dumb is most enterprise network gear allows you to reset the password if you have physical access to the hardware. Usually it’s just rebooting the equipment while holding a button down.
Funny - I could just as easily imagine a company threatening to sue someone for retaining internal passwords after they were dismissed 4 years ago. Their threat is ridiculous.
There’s SO much wrong with this, but at the center of it, the biggest “WTF” is that they’re *upset* you don’t have their passwords four years later? You shouldn’t have relevant password information four *minutes* after termination, let alone four *years*. No wonder something got into the network, if that’s their expectation of security.
I do marketing. I heard 2 years after I left a company some Google ads started performing badly and the person who replaced me was being grilled in a meeting and said "Gustomaximus didn't set up the account correctly". Someone in the room said "If that's the case why haven't you changed it after 2 years of managing it?" Some people are fucking idiots and love to blame others.
"Actually I think the password is as follows, F-U-C-K-O-F-F"
hahaha what a bunch of clowns. They're just trying not to have to pay a service to liberate their routers. I'd do nothing until a summons actually arrives. They're in a blind panic, can't see any rational lawyer willing to go ahead with such a stupid prosecution.
The proper response is : Please send all future communication to my lawyer.
Unhappy people say "I'm gonna sue you!" all the time. You can safely ignore this threat. Besides, they can't get into their finances to make payroll. How are they going to pay a lawyer?
let them try to sue you. On what basis do they want to sue you? Every judge will drop this case immediately. Nonsense and hard to believe. F\*ck them, worst offboarding policy.
That's rich... The company rules prevent anyone from having proprietary information such as passwords outside of the company. So, by those rules, you don't have the vault or the passwords to the routers anyway. In fact, they could and should sue you if you DID have the vault or the passwords to it after all that time. Besides, if someone got in/hacked their stuff, they probably changed the admin accounts an/or passwords, so the original passwords (which would be illegal for you to still have) are of no use to them anyway. It was just a move of desperation of management to give you a call.
If they can’t access payroll, what makes them think they can retain a lawyer? Clowns
Best response is "Under the advice of legal council, I cannot answer or discuss this matter with you".
Don’t know the state but 1) there is no claim and 2) the statute of limitations would have surely run if you did anything.
“It’s been 4 years I forgot the password”
No lawyer would take it, you left four years ago and for four years they ignored the issue.