That's right, but consider they should have also revoked all the access for the remote devices. They had the power (maybe not the knowledge, but who's fault is that?) to do so, but did nothing. Unless you start out outsourcing all your IT to trusted shops, you must maintain some sort of knowledge base on whatever it is that is running in an enterprise. Every single one does things differently, yet they use mostly all the same tools to do so. Shitcanning your top guy, then hoping the deadwood can figure out things from documentation that is probably older than the universe, is not a recipe for a successful IT department. The problem being the will of the company to build a mighty IT mountain, then throw out all the expensive people who built it, hoping for a big cash money payday when their high tech thing just keeps working without anybody to manage it. It's small time thinking. They got what they paid for. Who's to say this isn't an attempt to cover up a screw up by the idiots who tried to manage the systems after that guy left? And why did they need outside help to figure out what was going on? I smell rats on both sides of this equation.