Maxwell Schultz, a 35-year-old IT contractor from Ohio, has pleaded guilty to a malicious cyber attack on his former employer, which resulted in over $862,000 in damages. The incident unfolded on May 14, 2021, when Schultz, having been fired, gained unauthorized access to his ex-employer’s network by impersonating a fellow contractor. He executed a PowerShell script to reset approximately 2,500 passwords, effectively locking out thousands of employees and contractors across the United States.
According to federal prosecutors, the attack disrupted critical operations, including customer service functions, and incurred significant costs related to system recovery and downtime. Schultz admitted to attempting to cover his tracks by deleting system logs and clearing PowerShell window events, though some of these efforts were partially successful. The Department of Justice noted that the breach caused extensive operational disruption, with the company facing mounting financial and reputational losses.
The case has underscored the vulnerabilities of corporate networks to insider threats, particularly when employees retain access credentials post-termination. Schultz, who faces up to 10 years in prison and a $250,000 fine, is scheduled for sentencing on January 30, 2026. Authorities have not disclosed the identity of the affected company, though local media speculate it may be Waste Management, a Houston-based firm. This incident serves as a cautionary tale for organizations about the importance of revoking access promptly and implementing robust cybersecurity protocols to prevent similar breaches.