Richard Clayton Wozniak, a 41-year-old resident of Palm Coast’s P Section, was arrested Wednesday on five felony charges following a Florida Department of Law Enforcement investigation that found him to have allegedly carried out a cyber attack on his company’s computer infrastructure in retaliation for the company firing him. The attack crippled some of the company’s functions.
“Dude I think I got my company in a choke hold,” Wozniak, the father of two young children, is alleged to have written in a message to someone after the cyber attack.
The Spice and Tea Exchange, an online and in-store retailer originally founded in St. Augustine and based in Palm Harbor, hired Wozniak as an IT System Administrator in mid-October 2024. (The FDLE refers to it as The Spice and Tea Company.) He was fired last Jan. 14. “Within minutes, the company’s firewall, E-mail, and physical security was infiltrated,” FDLE’s warrant states, resulting “in completed deletion of company data.”
A human resources executive at the company told the FDLE investigator that while Wozniak’s position was being eliminated, he had “displayed very concerning behaviors while employed,” such as having a short fuse. The day of the firing he was working from home. The HR executive called him at noon to let him know he was fired. The conversation lasted just under 10 minutes.
According to the warrant, Wozniak “made several threatening statements prior to terminating the call. For one, [he] had stated ‘your company is not prepared for what is coming your way.’”
Almost as soon as he was fired the company would have disconnected him from its firewall and restricted access. That was to be done while the HR executive was still on the phone with Wozniak. But in what appeared to have been a movie-like race between IT employees, Wozniak was a step ahead of his ex-IT colleague at the Spice and Tea Exchange. He’d logged into the system at the same time that his colleague was racing to restrict access. Wozniak “overtook” him and the entirety of the business’ email access. The company “immediately lost access to the company firewall and emails,” the warrant states. Wozniak removed the firewall and obstructed business “continuity.”
He’d left one of his company laptops at the office. His colleague opened it–there was no expectation of privacy with a company laptop–and noticed that Wozniak’s logon to his Chrome and Gmail accounts was automatic, and that it was syncing his other devices with his work computer, a violation of company policy. Within an hour or so of his firing, his history showed he had searched for “Florida Unemployment” and “Palm Coast Lawyers.”
The colleague also discovered that an email filtering service blocking spam and malware had been removed, requiring 3,800 emails to be manually approved. The company was no longer able to log into its own firewall and eventually learned from the Meraki Sysco Company, which provided the firewall data for the Exchange, that the company was deleted from Meraki’s database. So there were no logs of the attack Wozniak allegedly orchestrated.
FDLE confirmed that the last user to make changes to the account had a username of “r.wozniak.” FDLE also subpoenaed information from Google and was informed by Charter Communications of further data that led to Wozniak’s house on Prince Michael Lane. Circuit Judge Chris France signed a search warrant, which was served on April 25.
Wozniak that day acknowledged his role when he was IT administrator but denied accessing the firewall.
France signed the FDLE warrant for his arrest on July 7. On Wednesday, Wopzniak was driving his Jeep Grand Cherokee on State Road 11 in Flagler County when he was pulled over by a Flagler County Sheriff’s deputy, arrested, and taken to jail, where he was booked and soon released on $25,000 bond.
He faces three charges of computer fraud, a charge of tampering with computer intellectual property and a charge of unlawful use of a two-way communication device. Four of the charges are third-degree felonies, each with a maximum penalty of five years in prison. One of the charges is a second-degree felony, with a 15-year maximum if convicted.
JimboXYZ says
He was better than they thought he was, yet they were better than he thought they were. When someone is terminated, it’s not unusual for them to search what their options are for unemployment benefits & potential lawsuits as a terminated ex-employee. Most employers will wait until the end of the employees shift and then expire a userid & password with no reset option ? Then the employer acts like they don’t know what they did in the middle of the night while others were sleeping. That should be when any HR Gestapo might get involved to clean up the loose ends. City of Palm Coast has probably been on the cusp of that litigation for the way things were handled ? One has to weight the satisfaction of getting even vs what it may escalate into, like this has. Wonder what the real story was with that employer or employee, behind everything from hire to termination ?
“A human resources executive at the company told the FDLE investigator that while Wozniak’s position was being eliminated, he had “displayed very concerning behaviors while employed,” such as having a short fuse. The day of the firing he was working from home. The HR executive called him at noon to let him know he was fired. The conversation lasted just under 10 minutes. ”
Sounds like they already had this timeline worked out with a position elimination, who knows how much of it was manufactured about having a short fuse ? As for the employment termination, he was probably one step behind them as the employer’s end of it unfolded ? But they were 1 step behind him on the IT side of it. Shame if it goes down that way. As it turned out, they dropped the unexpected “bad news” on him, he gave them that back. Would’ve been interesting to have seen the co-workers scrambling to beat him to each step in a total denial of service ? They almost come off as bumbling incompetent rookies for not having coordinated the termination from the IT end of it. The WFH, it’s not like security badge access to a building was denied. At least he didn’t have to drive in to the facility for that bad drama show.
KATIE STARK says
Always, always, always sign out the IT person so they cannot access anything before you fire them. When will people learn????
Atwp says
Will he go to prison? Probably not.
Mike says
The guy with the same last name as the co-founder of Apple pulls a Michael Bolton from Office Space.
Kevin says
Rule #1
ALWAYS deactivate an employees users account ( all of their credentials ) before termination. Especially it being fired for cause. This is nothing personal, it’s just good IT business practice, and prevents things like this
HayRide says
He allegedly launched an attack after being fired! It’s unclear whats the problem?
Steve Jobs says
Not as smart as my Wozniak
Matt says
He’ll never be able to get that mustang gt now.
Shawn says
Sources say he previously was employed by the Flagler county sheriffs office as well smh