A former Canadian Pacific Railway information technology professional was sentenced to a year and a day in prison on Tuesday after he intentionally damaged the railway’s computer network in 2015.
Christopher V. Grupe, 46, of Minneapolis, was found guilty of willfully damaging a protected computer by jurors in federal court in October after a five-day trial. After returning from a 12-day suspension for insubordination in December 2015, Grupe was told he was fired from his job at the Alberta-based railway’s U.S. headquarters in Minneapolis, and he retaliated by infiltrating the railway’s private network.
“Christopher Grupe chose to seek revenge on his employer by abusing company assets and insider knowledge that was entrusted to him to make the railroad safer, not more dangerous,” Assistant U.S. Attorney Tim Rank said in a statement. “Today’s sentence is an appropriate consequence for the defendant’s deliberate and malicious actions.”
Grupe was given the option to resign on Dec. 15, 2015. In his resignation letter, he said he would return all company property, including his laptop, remote access device, and access badges, to the CPR office, according to the news release.
Two days later, Grupe used both his laptop and remote access device to gain access to the network and deleted files and removed or changed passwords on administrators’ accounts, then wiped his company laptop’s hard drive before returning it.
Canadian Pacific discovered the damage a few weeks later and successfully tracked logging data in the main network linked to Grupe, then hired an outside company to identify the source and scope of the intrusion, which also connected the damage to Grupe.
Grupe’s attorney told the Star Tribune in October that his client’s suspension was attributed to increased stress from “working around the clock,” which led to him “yelling at [his boss] and using some language he probably shouldn’t have.”
Trevor Squire is a University of Minnesota student on assignment for the Star Tribune.