Computacenter IT Guy Let Girlfriend Into Deutsche Bank Server Rooms, Says Fired Whistleblower

A now-former manager at Computacenter claims he was unfairly fired after alerting management that a colleague was repeatedly giving his girlfriend unauthorized access to Deutsche Bank's server rooms.

Computacenter is a globe-spanning British IT services provider that, in the USA, operates computers systems for Deutsche Bank at the latter's New York offices. It's an IT supply deal said to be worth more than $50 million, and these computers are packed with millions of sensitive private banking records and transactions for hundreds of thousands of customers.

In 2023, James Papa was a service delivery manager at Computacenter, and Deutsche Bank was one of his clients in the US. The New Jersey man claims he was fired in July that year after raising concerns that one of the Computacenter workers he supervised at Deutsche Bank repeatedly had let his Chinese girlfriend, Jenny, into the bank's server rooms without permission.

The worker also allegedly allowed his 40-something partner to use his laptop and work account while it was plugged into the Deutsche Bank IT network.

According to a lawsuit brought by Papa in New York alleging unlawful termination – which names Computacenter, Deutsche Bank, and the financial giant's veep of datacenter operations Marc Senatore – CCTV evidence shows the bank's security team let Jenny into the server room with her boyfriend without formal authorization in a clear breach of protocol. These visits occurred repeatedly from March to June 2023 – on days Papa was not on site – even after Papa told the employee to knock it off, it is claimed.

Papa further alleges he learned that Jenny has "significant computer expertise," informed management of the security breach, and advised them to disclose it to America's securities watchdog, the SEC.

However, the lawsuit claims, after blowing the whistle, Papa was hauled into a meeting with Computacenter and Deutsche Bank's lawyers and the finance house's security staff, and was "aggressively interrogated" for some time.

"Each time Mr Papa pointed out DB's obvious and egregious security failures in allowing Jenny entry into headquarters, DB's lawyer and DB's security representatives at the meeting became agitated and even more aggressive in their behavior toward Mr Papa," his lawsuit [PDF] reads.

• Whistleblower describes DOGE IT dept rampage at America's labor watchdog
• US defense contractor cops to sloppy security, settles after infosec lead blows whistle
• Facebook whistleblower calls for transparency in social media, AI
• Report claims FAA ignores most whistleblower complaints

At the end of one such meeting, Papa was suspended from his job. The following month he was fired, allegedly at the instigation of Deutsche Bank and Senatore for bringing attention to the security failure. He also claims the SEC wasn't informed of the incident, which is a corporate reporting requirement.

He was basically being scapegoated

"He was basically being scapegoated; he said that no one was acknowledging it," Papa's attorney Christopher Brennan told The Register Tuesday.

"This is Deutsche Bank security, they're the ones who let this person in," Brennan claimed.

"Jenny's not an employee of Computacenter, she doesn't have any credentials, and yet they let her in. And every time he brought that up, then Deutsche Bank's attorneys went crazy and somehow wanted to blame him, as if he was responsible for the breach."

After being axed, Papa alleges he was told the two companies had watched Jenny on CCTV, including watching her touching the servers run by the bank, but had yet to determine either her identity or what she was up to. He said he was the only person fired as a result of the reported incident.

Papa's lawsuit, filed Monday, alleges the two businesses and its veep broke New York's whistleblower protection laws and were negligent. He is seeking more than $20 million after he "suffered significant emotional, physical and monetary damage."

Computacenter and Deutsche Bank did not have comment at time of going to press. ®