When Deleting Data Becomes a Crime: DBA Sentenced to 7 Years

Recently a colleague vented about work frustrations, exclaiming, "I really want to delete the database and run away!" This reminded the author of a 2018 incident where a Shanghai company, Weimob, suffered billions in losses after a disgruntled operations staff deleted its database.

More recently, Lianjia announced that a former DBA maliciously deleted 9 TB of data and was sentenced to seven years in prison.

The case details are as follows:

Han, a 40‑year‑old male, was a database administrator at Lianjia (Beijing) Technology Co., Ltd. On June 4, 2018 at around 14:00, he used his root privileges on the company’s financial system server to delete financial data and related applications, rendering the system inaccessible. Restoring the system cost the company 180,000 CNY.

After the incident, an internal investigation found that only five staff members had access to the financial system. Four voluntarily handed over their laptops and passwords, but Han refused to provide his password or admit wrongdoing, making him a prime suspect.

Police investigation revealed that Han had been transferred to the technical support department in February 2018 and was dissatisfied with the move, leading to absenteeism and tardiness.

Surveillance footage showed Han arriving at work around 11:00 and leaving around 18:00 on the day of the deletion, matching the time window of the data loss.

The Haidian District People's Court convicted Han of "destroying computer information systems" under Article 286 of the Criminal Law and sentenced him to seven years in prison.

Han appealed, claiming the surveillance evidence was insufficient and that MAC address records were inconsistent. However, forensic analysis confirmed that the IP address used to log into the server (10.33.35.160) was assigned to a device with the hostname Yggdrasil, which matched Han’s computer. Although his MAC address differed, evidence showed he used software to spoof the MAC address, and logs tied his actions to the deletion commands (rm, shred).

The appellate court rejected his arguments and upheld the original judgment.

The article concludes by urging programmers to manage emotions and avoid irreversible actions like data deletion, emphasizing that the law will ultimately hold offenders accountable.