The Register reports that attackers compromised an American city's network by using a long-active account belonging to a former employee, "Greg from Auditing," whose privileges reportedly included domain admin, SCADA operator, and help desk access. The intruders moved through municipal systems, manipulated conference-room devices, and changed water utility settings by turning multiple controls off.
Why it matters: This is a real-world critical-infrastructure compromise caused by basic identity and access management failures, with potential public-safety impact. Municipal and ICS operators should review dormant accounts, privilege assignments, and password reuse risks immediately.
2026.05.21
100% relevant
This article is the first item here establishing the specific incident: a city-network intrusion and water-system control access enabled by an undeleted ex-employee account.
← Back to all stories