why won’t anyone eat the last cookie, former employee still logging into database, and more

It’s five answers to five questions. Here we go…

1. There’s a rumor I had a physical fight with a staff member, but I didn’t

I just found out from one of my staff, Fergus, that two of his coworkers, Betty and Veronica, told him when he was hired a year ago that I had once gotten into a physical fight with a former staff member (Diana), and then called the police and had them escort her from the building.

Diana didn’t leave on the best of terms, but it happened because she’d found a better-paying job, not because I had her removed from the building. The two of us never even had a verbal fight, much less a physical one, and I certainly never called the police about her (or any other staff member!). Diana now works for another agency that we partner closely with, and the two of us have been able to work with one another just fine. In fact, that’s what brought the whole thing up; Fergus mentioned how surprised he was that I could still work with her so calmly, given what he’d been told.

I’m completely baffled about how this rumor got started, but I’m just as stumped about how to go forward. Unfortunately, Betty died of cancer about two months ago, and since Veronica was originally hired as Diana’s replacement, it’s a good bet the story originated with Betty.

I feel like I need to address this with Veronica, if only to ask her not to keep repeating the story (it apparently gets brought up every time a new person is hired), but I don’t want to come across as though I’m badmouthing Betty or accusing her of lying. She and I had our differences (apparently even worse ones than I’d thought!), but she was fundamentally a good person, and her death has been very hard on all of us.

What a bizarre rumor! I think you could raise this with Veronica without mentioning Betty at all! You could say something like, “I have a very odd topic to bring up with you! Fergus recently told me he’d heard (fill in details). I need to tell you that never happened, and never would happen! I can’t imagine where this came from, but I can assure you that Diana resigned voluntarily when she found another job, and we certainly never had her removed from the building! Apparently I’m also reported to have had a physical fight with her, which is utterly bizarre — nothing like that has ever happened here. And Diana and I have a very comfortable working relationship with each other.” You could then say, “I’m told this story gets retold to new hires, and obviously I want to ask you not to do that. It’s 100% untrue, and I imagine new hires would be awfully uncomfortable thinking that’s how we operate here. And of course, it’s certainly uncomfortable for me to know people are telling this odd story.”

Read an update to this letter here.

2. Former employee has been logging into our database for months

I am a database system administrator at a higher education institution and was out of the office for a while on FMLA. During that time, a coworker with whom I’d collaborated closely left for another job. He left on not-great terms because he wasn’t being given the resources he needed to do his job effectively and wasn’t willing to deal in the politics/play the waiting game until he could get them. I enjoyed working with him and understand why he chose to leave when he did. We traded personal contact information and have been in touch once since he left.

Today I was looking through some users and came across his name. I noticed that his user account was still active, and when I went to deactivate it, I found evidence that he’s been logging into our system for the past 2.5 months since he left the organization. I can’t find any evidence that he’s done anything nefarious despite the fact that he has full access to every part of the system, but I’m unsettled by these actions.

I’m not sure how to proceed at this point. I know my manager was swamped during my absence (our team is already too small to support its growing user base without me being gone), but this is a major oversight. I’ve asked and tried to set up processes regarding deactivating accounts, but with employees spread out over campus and no access to their administrative records, I have no way to know when someone leaves or changes positions. I feel like this is a good example of a time when something could have gone horribly wrong, but I’d be dragging my former coworker’s name through the mud to prove a point if I use this case in discussion.

Should I reach out to the coworker and tell him what I found? How should I address these future security issues with higher-ups when I have little standing to enforce anything and no access to that information? We’re dealing with student information, and I take their privacy and security very seriously but don’t feel like I have the necessary support to protect them effectively.

Don’t contact your coworker without first talking with your manager. Doing that would look too much like you were trying to help him cover up a pretty major breach of your systems. (In fact, it would be that.) This isn’t about throwing anyone under the bus. This is about alerting your employer to a serious security breach; what they want to do from there is up to them, but you are absolutely obligated to speak up (and have a duty of loyalty not to go to him first).

Once that’s done, you can certainly use this an example of why better policies are needed — but the first thing is to tell your boss what you found.

3. Why won’t anyone eat the last cookie?

I work at a small company (~20 people) and occasionally treats get left in the kitchen for everyone to enjoy. People will gladly eat the food all day until we get to the dreaded “last cookie.” No one will eat the last cookie and sometimes someone will even go so far as to cut the last cookie in half and leave the sad little half to languish away on the plate until someone has mercy on it and throws it out a day or two later. Why will no one eat the last cookie?

It happens with donuts too — someone will cut the last donut in half, and the someone will cut the half in half, and so forth.

It’s rooted in politeness — no one wants to take the last of something, in case someone else was hoping to have some and arrives to find none left. At some level, people worry that if they eat the last cookie/donut/piece of cake/whatever, they’ll be conveying, “I am more entitled to enjoy this cookie than whoever might come looking for it after me, and I do not care that I have created cookie scarcity for others.” (They don’t necessarily worry they’ll be conveying this to other people, who may never know that they took the last cookie. It’s more of an internal guilt thing.)

4. Recruiter says I need a “cover story” to hide that I spent eight months off with my baby

I am a 16 years into my impressive (I think) career with experience working in the government in DC and for commercial industry. I also have an MBA, a master’s in Policy and a BA. For the past four years, I worked at a very large aerospace company but was part of a RIF that occurred last September due to a merger. The situation was kind of stinky as I received notice while I was on maternity leave (not illegal, just an a-hole move). I received a package which allowed me to stay with my baby (my first) for several more months before I started actively looking for a new position.

I have been looking for several months now on my own and due to my industry not being strong in the state I live, it’s more difficult for me to find a job. Finding the aerospace position took just over a year last time. I have recently linked up with a recruiter who is very well connected and I think could really help me. He helped me revise my resume and LinkedIn profile and seems to know people at the companies I am interested in applying to.

The recruiter has said that I need to “come up with a story” for why I haven’t been working since last September. He suggests that I tell people I was consulting or doing small projects. I pushed back and said that I am not ashamed that I got to spent time with my daughter and that any person/company I work for should appreciate the value in that. He said that at “my level,” people don’t expect that and it will look negatively for me. My husband feels very uncomfortable with this lie and I am not sure either.

I’d give this recruiter a wide berth. It’s very normal to take parental leave, and there’s nothing wrong with being up-front that that’s what you were doing with that time. If you’d been out of the workforce for a much longer longer time — like years — he’d have a point that it’s better to be able to say you were doing projects of some kind (but not if that’s a lie, which is what he’s suggesting). But eight months of parental leave, particularly when it coincided with a layoff, is just not a big deal.

If you’re concerned that maybe he’s right about the norms in your field, check in with people you know and respect in your industry (ideally at the level you’d be working at or higher). But this guy sounds like a tool.

5. How to turn down a former boss who wants me to join his new company

My former boss (who is now more of a friend that I keep up with regularly) and I were both laid off around the same time. I joined another company in the same field while he started his own company, also in that field, as a direct competitor. He initially didn’t ask me to be part of it and I was a little miffed. Early on, though, he started hinting that he wanted me to come join his company when it gets off the ground more. At the time I told him it was a possibility because I was still seeing if I wanted to stay at my current company long term.

I’ve now decided that I do want to stay here, but he’s starting to ask me more forwardly about joining him. I keep changing the subject, being vague, and otherwise not addressing it head-on. I should have been more direct months ago, but I’m a coward. I don’t want to join his company at all and probably never will. How do I tactfully turn him down and keep our good relationship?

Just tell him! The longer you give vague answers, the weirder it gets. All you have to say is, “I really appreciate you thinking of me! I’ve given it a lot of thought, and I’ve decided to stay here for now.” If you want, you can add more context about why you’ve decided to stay (excited about the projects you’ve been given, seeing more upward mobility than you were earlier, or whatever it is), but you don’t need to add that if you don’t want to.

This is very normal — people turn down this kind of thing all the time! Just say it and let him move on so he’s not factoring you in with his planning.

{ 513 comments… read them below }

  1. Engineer Girl*

    #3 – from one aero to another – Don’t to it!
    He’s a sexist jerk. He wants you to lie.
    And it would all come out anyway when you refile for any security clearances. You have to report all your jobs.
    Fire him.

      1. Raine*

        From another aero, your trajectory is so normal and reasonable and everywhere I’ve ever worked would be considered the common sense background. RIFs are rough and that’s what the severance is for … to tide you over until the next job. Even if you don’t need a security clearance, this is still bad bad advice. Best of luck out there!

        1. Engineer Girl*

          I once had a crusty old aero guy tell me that the reason aero engineers are paid so much is to cover the times they were laid off. In short, it’s an expectation in aero that you’ll hit a RIF at some point.
          I always managed to get picked up on my next assignment before the layoff. But that’s hard to do on leave. And so many women take time off to have babies.

      2. AeroEngineer*

        From another female aero to another, don’t do it, for the same reasons Engineer Girl says, clearance or no.

        You took maternity, you hit a RiF, and you took extra time because you could, end of story.

        With 16 years experience, I don’t think any company you would want to work for would bat an eye. 8 months doesn’t even seem long, especially when you add a baby into the reason. I know many other engineers, mainly aero, who took more time off doing other things and had no problem.

        1. Long Time Reader, First Time Poster*

          “Any company you would want to work for” is the key phrase here. I was laid off in March and didn’t start a job search until August, because I got a decent severance package and it was a great opportunity to spend the summer with my kids. I was super honest about that when I started looking for work again, because any employer that *didn’t* respond with “oh yeah, great timing for you” was not going to be a an employer that understood that having a life is sometimes more important than having a job.

      1. blackcat*

        Depends on the field. I’m a female STEM academic, and I’ve definitely seen really awesome women get denied tenure due to having kids. At certain institutions in my field, a woman Does. Not. have a child before tenure. It’s seen as a lack of commitment to the work.
        But those departments are generally toxic in other ways, too. Like you better not have an aging parent, or even a dog with medical needs, lest you not put in 70-80 hours/week. No thank you.

        1. Yorick*

          I’m in social sciences, and I heard a (male) faculty member say that one maternity leave pre-tenure is fine and no one holds that against women, but two is just too much.

          1. blackcat*

            I guy I know well in a male-dominated STEM field failed to get tenure at a super elite institution, and it was 100% clear that his “lack of productivity” during his “extra” leave was held against him. The comments in his official denial letter included noting his “lack of commitment” to his work. His work was truly excellent and productivity very good–he was hired at the tenured level at a not super elite, but still elite institution after his denial. I heard multiple people in his field express shock at his denial only to say “Oh, yeah they don’t like that there” when I mentioned he took parental leave and actually, you know, parented during it. The only model of parenthood accepted in that department is someone who has a stay at home partner who does 100% of the parenting.

            What’s particularly shitty is, in many states it’s legal, so long as they are equally shitty to both men and women who take parental leave.

            1. Artemesia*

              The research demonstrates that now that men get the year parent leave as women do that it has actually widened the gap between men and women getting tenure. Woman who take the year off the tenure track to have a baby (this is rarely paid leave, it is the right to delay the tenure clock a year) take care of said baby; men who take the year off, publish during that year and thus increase their tenurability by having time without other responsibilities to build their vita. Obviously some men take the time to parent, but as with most things familial, women are usually disadvantaged even by parental leave.

            2. RUKiddingMe*

              That was shitty, but only one data point. There are sure to be others, but those instances are pretty much unicorns IME. Overall women are still being screwed over for having the audacity to reproduce, heal, and parent whereas males by a huge percentage are not.

              1. blackcat*

                I think it’s institution specific, and often department specific.
                My friend did learn that the same happened to another dude who was a hands on parent 5 years previously.
                And, for even-ness, a woman who graduated from that department was hired by my alma matter. when I gave a talk there, someone mentioned that this woman had a baby 4 weeks before starting her new job *and didn’t tell anyone.* Everyone at Toxic Department told her to not tell anyone that she had a kid (!!) let alone a baby.
                I do think women get screwed much more than men, but I the point I was trying to make is that some places that are horrible to women who dare reproduce are actually horrible to anyone who wants work-life balance.

            3. Nyltiak*

              My male advisor in my STEM field grad program has carefully timed both of his children to be born at the beginning of the summer, so that there is already a more relaxed attitude. His wife is a SAHM, and he plans to “take off” 2 weeks (i.e. do everything via email and skype he would do from his office) and then get gack to work

            4. JSPA*

              Saw tenure denied, largely for lack of productivity, to a guy who’s wife was dying very young from early onset dementia. Admittedly, he might also have been more cautious and less creative in his thinking for a couple of years; having to comb the streets because your no-longer-verbal wife has wandered away at 2 AM in her underwear can do that to someone.

          1. RUKiddingMe*

            I think it’s academia in general, but also the larger working world. It’s patriarchal and misogynistic.

      2. RUKiddingMe*

        Well you know…all those women making it difficult. If they’d just stay home and quit taking jobs that belong to the males…

        I mean it’s not like males are 100% as responsible for the existence of small humans as women are, they just don’t get penalized for it.

      3. Aisling*

        Have you been living under a rock for the last century? Although I wish this weren’t so, taking extra time off for a baby is still very much taboo in many industries, at least in the US. We haven’t gotten there yet.

    1. Willis*

      Agree! A layoff plus parental leave plus an industry that is hard to find a job in (at least in your state) would all add up to an 8-month gap being pretty understandable. (Of course it would also be understandable if staying home with her baby was the only factor…)

      Also, the risk of being caught in what would be a pretty big lie seems much more likely to hurt your candidacy than the gap. Wouldn’t they be asking about these consulting jobs, especially if it’s the most recent thing on a resume? OP could potentially have to make up a bunch of stuff in an interview if there’s follow-up questions.

      1. Myrin*

        And if she were caught, people would wonder why she felt the need to lie in the first place – was there something shady going on she was trying to hide? Has she been lying about other things, too? Would she feel like the best way to get what she wants is making stuff up? None of these are questions you want a prospective employer even thinking about.

        1. Falling Diphthong*

          Anecdatum: Recruiter told someone who’d been out of work for a while to backdate when his consulting gig started. This promptly drew the attention of the unemployment commission who’d been issuing him checks while he was out of work.

          Some recruiters seem to want to create a gap-free resume, but it’s just not the case that no one ever checks these things.

      2. LegalBeagle*

        This is a good perspective. I have a 1-year gap due to having a baby and relocating across the country. An interviewer asked me about it, and I sort of panicked and blamed it on the move because it does feel a little risky to mention (in a job interview) that I have a young child. But I think my answer came off a little evasive and weird, whereas the full truth makes perfect sense.

    2. Mookie*

      Also, isn’t he selling his own apparently sterling reputation short by pretending this’ll be the reason he won’t find her some promising prospects? Also, this dude should not have this good a reputation if he pulls this pre-historic shit on a regular basis. I’d spread the word, if you can.

      1. EPLawyer*

        How connected is this recruiter really if they give you this advice? What is his placement rate? More importantly how many people actually stay at the jobs he places? Because if he is giving the advice to lie, people are getting caught in the lie and either not getting hire or getting fired when they get caught. Neither one looks good for YOU long term.

        1. Michaela Westen*

          Yes, and if he advises you to lie to others, he will lie to you.
          Did you verify his reputation and connections? Or did you take his word for it?
          I agree with Mookie, his reputation needs to be corrected.

    3. Lynca*

      Yeah. No good would come of lying about something so banal and that should be a HUGE red flag.

    4. Seeking Second Childhood*

      Coming back to this after coffee.
      When I first read “come up with a story” I thought OP4 *HAS* a story — she got laid off during maternity leave so she took a longer maternity leave than she had planned.
      He’s not after a “story” – he’s asking her to lie.

      1. straws*

        This is exactly what crossed my mind. And stating it that way–“she took a longer maternity leave than she had planned”–doesn’t even exclude the idea that she may have been looking for work during the 8 months. Who’s to say she wasn’t actively looking but being pickier because the severance afforded her the time to be? None of her story raises a red flag to me. Lying about it does (for all of the great reasons already posted).

        1. RUKiddingMe*

          And why is 8 months considered excessive anyway? Hell it takes a couple if those months just to heal regardless of the fact that women get sent home 20 minutes after giving birth!

          1. Artemesia*

            Yes people casually arguing for equal parental league for men and women often seem to ignore the fact that this is a punishing physical event for many women — especially with a first baby and it can easily take a couple of months to recover physically from the birth.

            1. RUKiddingMe*

              Exactly. I think males should take leave, bond with *and care for/parent* their children…as opposed to what amounts to a vacation while the woman still does the majority of the work.

              The biological reality is that males’ contribution to the existence of said children was about thirty seconds almost a year earlier.

          2. Janie*

            A year is standard in Canada tbh and either parent can draw from it (including adopting parents). A former coworker of mine took 6 weeks off when his third child was born.

            1. curly sue*

              My brother and SIL have split their leave with their firstborn. She took the first six months and then went back to work, and he’s on leave right now for the second six months. She really wanted to get back to work and he was thrilled to get the bonding time, so it’s worked out very well.

            2. Teapot analyst*

              My male colleague took 9 months, which is awesome!

              I believe his wife was unemployed and they decided that they could afford to live on one salary (his) for a while.

      2. Grace*

        You’d have to “come up with a story” if you just decided to quit out of the blue with no other job lined up and just lounged around at home for eight months, not even trying to apply for jobs.

        “I was on maternity leave and got laid off” does not require a cover story.

        1. Elitist Semicolon*

          Even then the “story” could be, “I decided to take some time to myself and reassess my professional goals.” The candidate doesn’t need to tell the interviewer that they did this by laying on the couch in their PJs, eating ice cream with a purring cat in their lap and not thinking about work at all.

          1. Grace*

            Yep, fair. I was thinking ‘story’ in more abstract terms than the one proposed specifically by the recruiter, but I agree that a nice vague “rethinking professional goals (and definitely not spending quality time with my cat)” would be the way to go.

            Bonus points if you managed to say “purrfessional goals” without anyone realising.

    5. Antilles*

      Also, maybe this is specific to aero, but is 8 months really *that* extreme that a cover story would be required?
      I’m in a different field of engineering, but I regularly get resumes with 4-5 month gaps on them; an eight month is slightly longer than normal, but not so wildly out of range that I’d expect candidates to come prepared with a Serious Detailed Explanation.

    6. If you remember, you weren't there.*

      I’m going to jump into this thread with, the recruiter has a job. His job is to fill positions. He found can successfully fill a position with a person who is presently unemployed but has filled his off time with X type work. Therefore, if you claim to have done X type work, he can slide you easily into a position.
      He gets paid, and hey, if anyone asks YOU well, you can tell them the truth because by then you will have proven yourself and everyone will understand why you LIED. Or you can just be vague about it, until you aren’t the new person and nobody wonders about you anymore. So what does he care? He GOT you a job. Isn’t that what you want?

      1. I Wrote This in the Bathroom*

        Good point – by the time the new job finds out that OP had lied on her resume, and takes whatever actions it decides to take in light of that information, the recruiter will be long gone from the picture and will have collected his commission. He does not care what happens to OP after that point.

    7. Close Bracket*

      > And it would all come out anyway when you refile for any security clearances.

      True, but only OPM sees that, not your employer. To be clear, I’m not advocating lying, but if OP wanted to play up something else she did and not mention the baby on her resume and in interviews, she could do that and still later fill out her paperwork with “Jan 2019-August 2019, unemployed while staying home with baby” or whatever. Not to mention, if she has a currently security clearance, she still has it for two years, so it’s not an immediate concern.

      1. Jojo*

        And in my job you dont get the job because yhe fbi does the background check and the report says you lied. Contract aviation. Security clearance is cancelled when you no longer have the job that requires it. So you have to renew the security clearance to get the new job.

  2. MommyMD*

    I’d have my manager deal with the rumor mill. You already are the victim of untrue gossip. Anything you say now to another employee at your level can and probably will get misconstrued and passed around as something else. “Can you believe that Jane is denying fighting with Diana and getting her thrown out??” You don’t need this. And it’s been proven your coworkers are capable of this. Have your manager quash this rumor and let it die.

    1. Auntie Social*

      I’d also wonder about Veronica as a team player. Even if the salacious story were true, why would one tell something so alarming to a new hire? Is Veronica a pot stirrer, does she crave attention and tell stories to get it, or does she really think the place operates like a dumpster fire? This is serious enough to me to give her a warning if not a PIP.

      1. MommyMD*

        Right. I would not deal with her on my own. Who knows what she will turn that into. I think manager should calmly and privately set her straight. People like Veronica can’t be trusted.

      2. OP1*

        We’re a small public library, and Veronica is the highest ranked of my six reports. She’s the person I leave in charge when I’m not physically in the building, and has been for close to three years. Before hearing this rumor, I would have said we had a friendly working relationship, but she does have a tendency toward hyperbole and seems to thrive on drama. I lean towards thinking she just wanted to pass on a “juicy” story, without regard to how it might come across to the new hires (not that I’m excusing any of it, but I’ve been going over and over every aspect of our relationship in my head, and that’s the only guess I have as to why she would spread a story like this).

        1. Observer*

          This really is so strange that you really need to be questioning both her judgement and her reliability as a narrator. That’s important – if she comes to you and tells you that someone did something, how are you going to be sure that it’s true? What other inaccurate or untrue things is she telling others?

          So, speak to her about the implications of what she’s telling new hires, and see how she reacts. If she reacts well, you have something to work with. If she pushes back, that’s a huge red flag.

          You say she seems to thrive on drama. Is she CREATING drama?

          1. learnedthehardway*

            I would also speak to Veronica about the implications of spreading an untrue story about Diana around, because that kind of thing can get Veronica sued for slander, as it can be proven that the incident did not happen (there would not be any police report of a call that was never made, kwim?).

            Seems to me that pulling out this kind of a big gun is a good idea, since this person appears to be creating drama, which is a step beyond stirring it up, kwim?

            I’d also have a word with Diana about it – she needs to know that the rumour is out there. Last thing she needs is to be caught flatfooted by someone who asks her about it.

            1. OP1*

              The whole thing’s ridiculous on a lot of levels, but one of them is that if I was EVER going to pick an actual fight with one of my staff, Diana is absolutely the last one I’d do it to; she’d wipe the floor with me. She’s a former sheriff’s deputy, and I’m the least athletic person I know (a lifetime of introversion and book addiction will do that!).

            2. TootsNYC*

              Definitely alert Diana–and point out to Veronica that this lie is flamingly unfair to you AND to Diana!

        2. That Girl From Quinn's House*

          TBH I’d double down and write her up for it, but I’ve been burned by drama llamas before and thus have no patience with that behavior.

          1. VictorianCowgirl*

            Absolutely, hopefully there is something in the employee manual about gossiping and specifically about gossiping about current and former employees. It’s such a toxic habit.

            1. Observer*

              You don’t need something in the manual to take action. This is problematic behavior, and Veronica is a functioning adult.

              A warning? OK. But that’s IT.

              1. VictorianCowgirl*

                Agreed – it can smooth the wheels to have it in the EH but not necessary.

        3. President Porpoise*

          I find that a willingness to perpetuate drama rarely coincides with good, professional employees. If she’s poisoning the well towards your onboarding new hires (which is absolutely what she’s doing – I don’t think anyone wants a boss who had been violent towards her employees), she is not good at all aspects of her job, and is so spectacularly bad at one piece that you should consider a clear This is Not Okay warning followed by termination if she can’t shape up.

        4. AKchic*

          Ooof. I would seriously question her judgement. I wouldn’t want her in charge of things considering her propensity for drama, salacious stories, and rumor-mongering.

          I agree with letting a manager handle shutting her down, but I also think that she should no longer be left in charge, regardless of how senior she is. She has proven to not be trustworthy with information.

        5. Three Dogs in a Trenchcoat*

          I honestly wouldn’t be comfortable leaving Veronica as the in-charge person after this. How could I believe anything she wrote up in an incident report, whether it involved staff or patrons? Gossip and drama are pretty normal at public libraries (sadly) but she’s saying you and/or Diana committed crimes!

          I would have a meeting with her and your HR person (and any applicable union personnel etc.) to suss out exactly what has been going on. That will probably tell you a lot about what you want to do with Veronica in the future.

    2. Lance*

      It reads to me like OP is the manager, thus the ‘my staff’ comment, and the implication that OP might have the authority to have someone removed from the building. If I’m reading that right, then that definitely leans, to me, toward the OP still being the one to shut this down themselves. And besides, if you approach it in a manner like Alison suggests, reasonable people should take you for your word; if they’re not reasonable, well, there are entirely different issues than just the rumor.

      1. Yorick*

        Right, it should be fine to address it yourself as long as you make sure to discuss it calmly without any aggressive tone.

      2. OP1*

        Yes, I’m the manager, and before hearing about this rumor last week, I would have said my staff were all pretty reasonable, but now I’m not so sure!

        1. Artemesia*

          This is a big giant deal. My first impulse was ‘call a staff meeting to discuss this as a group and invite Diana’ — but this is probably a terrible idea — but something pretty aggressive is called for. This is very dangerous, I hope you can deal with it and with this rather horrible subordinate.

        2. ket*

          I have to suggest something maybe no one else has (?): maybe Veronica and Betty told this story as an attempt at a joke/prank? Consider the possibility and address it in your conversation!

          1. Lance*

            Personally, I don’t think the ‘why’, just as the ‘who created this rumor’, is meaningful; the important point is, the rumor exists, and needs to be squashed. That alone, I’d say, is the only thing OP should be considering.

          2. Observer*

            If your theory is correct, it doesn’t make it any better. It’s still a TERRIBLE idea, and shows incredibly poor judgement.

            And, I would NOT address the idea. The bottom line is that this is behavior that needs to stop regardless of the reason. Trying to address a possible reason just gets you down a rabbit hole of possible stupidities and arguing about whether this is the reason (who cares), whether it’s “really” funny, etc.

        3. JSPA*

          I’d consider that she might have taken an in-joke as a factual statement. Even if you don’t believe it, it would be a way to open the conversation.

          Assert that the Betty at one point joked about you picking a fight with Diana over the last cupcake (which was funny because it was so clearly impossible). You suspect that this joke has taken on a life of its own, through a slow-motion game of “telephone,” over the years, or through Diana trying to play along with it in a deadpan way. Say that you’d be charmed to be reminded of this bit of word-play… except, of course, that it’s terrible to hear that anyone thinks there is or was enmity between you and Diana.

          Veronica may well say that she was also joking, or that she knows nothing about any of this, but the message should come through clearly, regardless.

    3. Sara without an H*

      It might also be useful to give HR a head’s-up on this one. They might be able to help with the issue of what new hires are told.

      1. OP1*

        This is something that honestly hadn’t occurred to me; we’re a small town public library, and have only had an HR department (of one person, but she’s pretty good at the job) for about two months. I’m not sure if she can help much with the immediate situation, but I absolutely should give her a heads up about it. Thanks for the suggestion!

        1. AngryOwl*

          I agree this is a good idea. And then you’re on record as bringing it up — just in case some future hire makes a big deal about it.

        2. VictorianCowgirl*

          You’ll want to have proper recordkeeping for defense if/when Diana files a suit for slander.

      2. ginger ale for all*

        I would also give Diana a heads up as well. The library world is small and word gets around. She also might be able to shed some light on the rumor.

        1. TootsNYC*

          Small towns are small worlds, and word gets around. Diana doesn’t need people thinking she got into a fight with her boss at her last job!

    4. Jojo*

      Actually this is a matter to report to HR. Slander is spoken word which damages your reputation. It is illegal.

    1. it's-a-me*

      I’ll happily take the last donut/cookie! But half? No way, that’s just evidence that someone probably put their fingers all over it.

      I know the rest of the cookies/donuts have probably been touched too… but I can tell myself they haven’t when there’s no evidence to the contrary.

      1. Mookie*

        I do think the Fable of the Lone Cookie is also rooted in some kind of semi-conscious hygiene panic, where people who engage in this hesitation may be asking themselves why it was this cookie that was left behind. Misshapen or otherwise poor form? Decidedly bereft of good bits? Did everyone else see it fall on the floor earlier but me? How many palms rejected this after fondling it or hand-weighing it for sufficient volume? How many of these heathens wash their hands after spending the penny?

        Pace Alison, sometimes it’s a performative thing, where in your head or reality the whole office witnesses you depriving everybody else of the last, therefore the best (except, see above) and rarest, morsel.

          1. WellRed*

            I thought Alison’s answer was also a bit overthinking it. The last half cookie is simply not appetizing to most of us.

            1. Mpls*

              No…Alison’s answer is spot on for my region. Taking the last piece isn’t rude per se, but anyone doing it would feel rude, especially if they’d already had one.

              1. Clorinda*

                My husband was raised in ‘don’t eat the last piece’ culture and as a consequence our fridge is full of jars with one pickle, or one olive, or a teaspoon of mustard, and little covered saucers with half a serving of something, and produce bags with one baby carrot or half a celery stick. Whenever I purge the shelves, I wonder: how is this less wasteful than either eating the last bit or throwing it away? HOW?
                Rant over, thanks for listening.

                1. ThatGirl*

                  It drives me a little crazy when my husband leaves like, two teaspoons of Cheerios or three M&Ms or whatever – I’m like, babe, if you’re going to finish it, finish it.

                  I work at a baking supply company. There are frequently test kitchen projects (mostly cakes, but sometimes cupcakes, cookies, etc) sitting around as well as catering leftovers, assorted treats, etc and it’s the same thing – nobody wants to eat the last donut or slice of cake and you’ll see little fork bites taken out. I will bravely throw out something that has been mouldering for a day or two.

                2. Aurion*

                  My brother is like this and it has always driven me absolutely berserk; at some point I feel like it’s less “I don’t want to be rude and eat the last portion of the food” and more “I don’t want to wash the damn dish”. :P

                3. TootsNYC*

                  Nobody wants to have to refill the family water bottle in the fridge either.

                  (This is just not a thing anymore, but it was when I was a kid! Back before we knew he was a rapist, Bill Cosby had a funny routine about it. Sigh!)

                4. MarfisaTheLibrarian*

                  My father instituted the “staleness police” rule in our house. If he leaves the last piece of really delicious bakery bread for me, and I leave it for too long…then he eats it before it gets stale.

                5. AKchic*

                  Aurion has probably hit the nail on the head here: It’s not so much politeness but laziness. Eating the last of it signifies that the container needs to be thrown away, and nobody wants to be the one to clean up. So, if they leave a portion behind, the container is not empty, therefore it need not be thrown away and that person isn’t In Charge of throwing it away.

                  My fridge is the graveyard of nearly empty containers with half-swallows of liquid, and last squirts of condiments because my teens and husband simply can’t be bothered to throw the blasted things away… if they remember to put the item back in the fridge when they are done in the first place. Don’t ask me how many times I find food items left on the counter in the morning thanks to late-night snack runs after I’ve gone to bed when they’ve been in too much of a hurry to put the items back in the fridge, or if I’ve been gone for a day or so and gee, some of the items are now fuzzy.

                  No amount of nagging will change them, so now I just stop replacing their stuff. If they want their favorites, they have to purchase it themselves. Funny how they are so much more careful about putting things away when it’s their money.

                6. Thany*

                  I know I’m late to this, but I am so glad I’m not alone. My husband does this too! He was taught to save everything and leave some for someone else, but in a family of 2 it isn’t really applicable. We joke about it often though.

              2. RainbowBrite*

                I’m guessing you’re in the same city I am and this feels like a very Midwest/Minnesota thing

                1. Burned Out Supervisor*

                  Yep, we midwesterners would rather leave it there to dry out than ask if anyone else wants it.

              3. LunaLena*

                In Korean culture, taking the last piece is rude because you’re supposed to leave it for the person who made it/brought it in. It’s their little reward, to be eaten while cleaning up. You mostly see this at parties, though – the host/hostess gets to enjoy their treat after everyone has left and they’re clearing away plates etc.

                It took me a few years to get over this conditioning after I moved back to the US. Now I just ask loudly “there’s one left, does anyone care if I eat it?”

                1. Jojo*

                  I guess it is international then. Grew up in Minnesota. Now live in Mississippi. Same both places. No body takes last one.

              4. Llama Face!*

                This is definitely the case in western Canada too. The last one or two pieces of a treat will linger all day even though my coworkers descend on the new treats like a locust horde as soon as the news spreads that food is in the office.

          2. LCL*

            I do. Because that’s exactly what my mom told me, it’s OK to share food but once it has been handled by everyone, who probably didn’t wash their hands after using the bathroom, did you really want to eat it? Me being me, I eat the cookie anyway…Overthinking is fine, as long as it doesn’t stop you from doing what you want to do.

            1. Anonny*

              Cookies are good and that’s why humans have immune systems anyway.

              My family has a habit of asking “does anyone else want the last [food]” before taking it, and if no-one does, its free to go. If there is someone who wants it, then negotiations start.

      2. Michael Valentine*

        Yup, me too, even the acknowledgement that everything else has been handled. The second I see a “half” I assume the person put it in their pocket first, or took a lick of it, and then decided not to eat it. You know, like a toddler might do.

        1. something idk*

          What kind of people do you work with?? I’ve never in my adult life been concerned that another adult might have licked (licked!) a half cookie or bagel or donut or whatever. (In fact, I’m often one of the ones responsible for those halves existing – there’s nothing nefarious about it, I just didn’t want to eat a whole one.)

          1. dreamingofthebeach*

            Once upon a time, I worked with a woman that loved the quantity of chocolate found in the peanut M&M’s, but didn’t like peanuts…so she sucked the candy and chocolate off each one, and not wanting to waste food, put all the peanuts on her desk in a candy dish in case “anyone was hungry”. if it isn’t pre-wrapped, I don’t take it, thanks to her :)

          2. Aoife*

            Seriously, I couldn’t make it through the day if I thought so deeply about stuff like this. Do these extreme germaphobes ever think about where money has been (potentially)? Just imagine how many hands your average buck has touched. Yet we will grab money with alacrity!

          3. Janie*

            Fun fact, Ariana Grande once went into a bakery, licked some doughnuts on the counter, and then left.

    2. Jen S. 2.0*

      Sometimes I’ll be sharing a dessert with someone, and we keep cutting the last bite in half, and I’ll wonder to myself if we can get down to one molecule of brownie, and split it and see whether the world implodes.

      1. The Wall Of Creativity*

        Or you could just take a proportion p of what’s left and tell the person opposite the rest is all for them. But what’s p?

        Well you could take your p now, or take half, let them take a quarter and you then take 0.25p, this being proportion p of of the last quarter. It’s all the same so p must be equal to 0.5 + 0.25p. Solve the equation and you find p=2/3.

        So just take two thirds and plonk down your napkin.. If you think that’s rude, take half and tell them they can have two thirds of what’s left but no more than that.

        1. VictorianCowgirl*

          I’m laughing so hard right now. Mathematic justification for taking more than half. I like it.

        1. Seeking Second Childhood*

          ZENO’S DONUT!!!!!
          I’m so very glad I put my coffee down before spotting that comment.
          (I’d have no idea how to clean sugary coffee off a thin-screen monitor!)

          1. Autumnheart*

            For future reference: lens cleaner (the kind you get with a pair of glasses) works great.

        2. Seeking Second Childhood*

          I shared this with my husband who adds another complication: “If it’s unclear if the plate is going to be discarded or washed and returned to the provider, not taking the last spares the embarrassment of appearing cheap or implying the other is cheap by having to ask if the plate should be discarded or washed.”
          Now I may never want to take the last something off a plastic serving plate at the office.
          (Cardboard boxes though, your treats are belonging to me!)

          1. Mr. Shark*

            That’s a good point. If you take the last half of the cookie or donut, you have to clean up, whether that is washing something or discarding the box. Add that in with the idea that other people probably handled the last half before leaving it there, and it’s easy to see why no one wants that responsibility.

            1. Jen*

              Especially when the trash cans are too small to fit the empty box, so you don’t even know how to dispose of the container.

    3. Red Ghost*

      One thing that seems to help is to offer the last cookie to someone, especially when the person bringing the cookies does it, but also when there are two cookies left and you offer one to someone else and take the other one. Or you could just start eating the last cookie and if someone asks you about it or makes a comment, you can tell them that it’s silly and a waste to leave the last cookie. It’s not like there’s a general scarcity of cookies in the world after all.

      1. Mookie*

        Yeah, “anyone want this?” can be delivered two ways, implying either you’re prepared to toss it or you want to eat it yourself but need permission.

        1. Pebbles*

          This is an old joke in my Midwestern circle of people that the last piece/helping must be offered three times before it is taken. If no one is around to offer it to, then it cannot be taken.

          1. londonedit*

            This is basically how it works in Britain. I haven’t seen the cutting items into ever-smaller pieces thing – in my experience people would just leave the last whole cookie or whatever – but if you want to take the last one of something, generally the polite thing is to do a round of ‘Would anyone like this last muffin? Anyone? Fergus? Jane? No? Anyone mind if I take it?’ Everyone will of course say that they don’t want it and you should absolutely have it, but you have to go through the process. It’s not generally considered polite to take the last piece without asking.

            1. SusanIvanova*

              Well, you need to make sure everyone got a piece, because if Milton gets passed by *one more time*…

        2. TootsNYC*

          My mom and my paternal grandfather (her father-in-law) forever told the story of their first meeting, when my mom went to visit her fiancé’s parents.

          Both parties were so nervous, and they each wanted to make a good impression.

          There was a heel of bread left on the serving plate. My mom grew up loving the heel, so she didn’t want to appear greedy by taking it. So she left it sit for a bit to see if anyone else wanted it, and then she said, “Would anyone like this heel?”

          Her father-in-law-to-be, who considered the heel of bread to be the dregs, was aghast that his son’s future wife might feel obligated to eat this discard, so he said, “Oh, you don’t have to eat that!” and snatched it up, buttered it, and took a bite before she could say, “I actually like the heel.”

    4. ga*

      We call it “the shame piece”. Or shame cookie, the shame strawberry, etc. I usually ask ‘can I take the shame piece?’ Usually nobody objects…

      1. Deranged Cubicle Owl*

        Same here :-)

        When I was younder I rarely dared to take the last piece (though I secretly really wanted it on some occasions). Now I ask if anyone us interested in it (and willing to give it to someone if s/he wants it) or take it for myself.

    5. The Cosmic Avenger*

      I think at least some of the time it’s people being lazy and not wanting to deal with the box/plate/whatever after taking the last one. At least, that’s the feeling I get at my workplace, where it feels like an empty donut box can sit on the counter for hours until I throw it out.

      1. The Cosmic Avenger*

        I realize the example I gave meant that someone did take the last one, but usually the last item sits for hours, and it’s not at all unusual to be alone in our break rooms during much of the day, so it’s not like people need to worry about being seen taking the last item. I see the empty box/container a lot, too, but usually after hours of seeing just one item left in it.

        1. WellRed*

          I agree with this. If you take the last cookie, please throw away the box or whatever. But, it just sits and sits until (usually) I deal with it. And I rarely have a cookie.

      2. Le Sigh*

        The dishes were my chore as a kid. One time we made burritos. There was one left in the big old pyrex dish and I didn’t want to clean off all the crusted cheese/beans. Instead of wrapping up the last burrito and cleaning the dish, I just put foil over the whole thing and put it in the fridge to be dealt with later.

        The dirty dish was waiting for me at the breakfast table the next morning.

    6. Thaleia*

      In my circle, the last portion of ANY food is known as an Allison* because Allison will! not! eat! the last bite! under any circumstances. Correct usage: “Who wants the Allison?” (usually spoken by the person coveting that last French fry).

      *Not her real name.

    7. Kvothe*

      We used to call it the half life of the dessert in my old office lol everybody would just create the remaining morsel in half until it finally got small enough that it would either finally be eaten or thrown away

    8. Clawfoot*

      The opposite is also true a lot of the time — if someone brings in a cake, pie, pan of squares, or anything else that is “whole” until you cut a piece out of it, nobody will touch it at all until someone else takes the first piece. When I bring in a cake or something like it, I’ve taken to cutting out the first piece just so that others will follow suit. Otherwise you’ll have a whole cake sitting there all day. Even if you put a sign next to it.

      Always cut the first piece.

      1. BadWolf*

        Oh yes, when I bring in a dessert that needs to be cut, I cut at least a few pieces.

        Given that we’ve read so many stories about people breaking into birthday cakes pre-party, eating cakes for other shifts…it’s nice that some people have a fear of breaking into food that might not be for them.

      2. CmdrShepard4ever*

        @OP#3 Next time you have one last cookie/donut left just give me a call and I will gladly take the last one. I have no problem eating the last piece of something. If I know someone was out when the cookies/donuts were initially brought in and they will be back later, I will hold off on eating more than one or the last of something. But if everyone was in the office at some point and it is 3/4 pm and there is still one last piece if it calls my name I have no problem eating it.

        But I am also the kind of person that is willing to cut and take the first slice of cake or be first person in line at the food table. @clawfoot if you ever need someone to take the first slice give me a call.

      3. Artemesia*

        I actually think that cutting into something someone else brought is a kind of diagnostic of social ineptness. The person who brought it needs to cut it — how else do you know it is meant to be served NOW and not later etc etc. I have observed a few situations where clods dug into something that was to be presented at a later point or was not for them. A recent example: a group I belong to has a baking contest as part of an annual event. I made a fancy mojito cake. The process is that the judging panel tastes everything and then it is a giant dessert buffet for all to partake of. Some rando decided to simply help himself to a huge slice of my cake before the judging and when all the pristine items were displayed but not yet served. (and every office has the guy who cuts into the cake in the refrigerator with ‘for Susan’s retirement party’ written on the box.)

        1. Judy (since 2010)*

          We had our quarterly meeting 2 weeks ago. We had food brought in, and there was a large birthday cake for the celebration of 5 years since a particular product was released. There was a plan to take a group photo around the cake before cutting it. Until one of the contractors went up and cut a piece for himself, before everyone was even done going through the food line.

          1. Pebbles*

            Gotta make sure you have room for dessert! And the best way to do that is to eat it first! :D

        2. CmdrShepard4ever*

          I probably am social inept, but I will only be the first to cut into something if I have been told it was brought in for everyone to share, or if it is on the serving line for people to grab but others don’t want to be the first to cut into it.

        3. SusanIvanova*

          The birthday cake-buying person didn’t know one of the birthday folks was taking that day off, so the cake went in the fridge.

          Next day we opened it up to find that someone had stolen a strawberry off it and scooped up a bit of the frosting too.

    9. Cookie Monster*

      Based on my informal observations there seems to be a gender component. Women don’t want to be seen as greedy so they don’t eat the last anything. I work in a mostly female profession and women will divide and divide and divide but one of them men will come in and scoop up the last one without a thought. Even dudes from another department will eat the last cookie without a thought!

    10. MN Marie*

      This is the most Minnesotan thing to do, never take the last anything – but if you do, only take half (use a knife to cut, of course, and leave said knife as evidence that the missing half was removed hygienically).

      1. Autumnheart*

        Hilariously, I just went into the break room (the common area for people to put food out) and there was a bag of Dove chocolates with one left in the bag. I took it. I’m in Minnesota.

    11. That Girl From Quinn's House*

      I have zero compunction taking that grubby “last” bit and pitching it, and all of its attendant crumbs, in the trash. Roaches, people.

    12. Former Employee*

      I don’t recall being told anything about not taking the last piece. I just seem to have an innate, overdeveloped sensitivity regarding any situation where someone else might need something more than I do. Never mind that no one actually needs cookies or donuts in the first place.

  3. Kheldarson*

    Meanwhile, I’m the person who *will* take the last piece of whatever if it’s been sitting a while (like it got served at lunch and it’s now quitting time. Or two days later for a big cake). Y’all had your chance; gimme those sweet, sweet baked goods. Nom.


    1. Lioness*

      I just did this today. Someone broke the last cookie in half. I just took that last half. It was towards the end of the day, I figured anyone who wanted one already had a chance to get it and if not, well, there will be other days with cookies.

    2. Drew*

      Solidarity, friend! I consider it a public service to have the last slice of pizza, last cookie, last kolache, or whatever (assuming, of course, that everyone present that day has had a fair chance). I will offer to split the last whatever with someone else if we’re in the kitchen at the same time. Somehow, both of us doing it lessens the guilt factor (for the other person — I’m eating it regardless) and makes us co-conspirators or something.

    3. CM*

      Yeah, I feel much more comfortable grabbing the last snacks when it gets to be the end of the day and people are leaving. I feel like, at that point, if it was important to you to get a cookie, you’ve had more than enough time to go for one, and also now the cookies might get thrown out if they’re just left there.

      1. The last cookie on the plate*

        I’ve never taken the last anything – it sends a weird message when an overweight person does that in an office full of non-overweight people – except if I’m the last one in the office (as I usually am, since I like to sleep in).

        I justify it by saying that taking a plate with one carrot/cookie/donut down to the kitchen for proper storage is too time consuming, and if anyone cared, they would have done it themselves hours ago when they left.

    4. Kitty*

      Haha! I often take the last bit as well, after a respectable amount of time has passed and people have all had the opportunity to partake.

    5. Lauren*

      I eat the last cookie too. I mean if I want it. It’s ridiculous that food is wasted because no one will eat it. I’ve noticed in my office that there’s rarely a last cookie left.

    6. The Cosmic Avenger*

      First and last! If it’s not an event to honor someone, in which case I try to get that person to partake first, I will often go up to the potluck and try a little bit of a few things to see what I like, because until someone goes first, everyone often mills about waiting for someone ELSE to go first! I consider it like an icebreaker. :D

      1. Daughter of Ada and Grace*

        It’s absolutely a public service to everyone else to do this!

    7. Seeking Second Childhood*

      What I’m trying to implement at home: s/he who takes the last piece washes/discards the container and wipes off the counter underneath The default kitchen-tidier wins either way…and yes that’s me.

      1. Quiltrrrr*

        This is why I don’t take the last of anything…because I would feel obligated to clean it up and find the owner of the pan and return the cleaned pan to them.

    8. Allison*

      Same here! If I’ve already had one, I’ll leave the rest for others for a little while, but if it’s still sitting there hours later, I’m eating the last one and I’m not gonna feel bad about it. Someone has to eat the last serving!

    9. Grapey*

      Same. I wait a requisite amount of time to cover the “I do not care that I have created cookie scarcity for others” feeling since if they cared about cookie scarcity they would have shown up earlier.

      1. Bulbasaur*

        Me too. I always figured I was just rude, but it sounds like I may actually be performing a valuable service.

        There is definitely a statute of limitations on these things. Food that has been out for a few hours is usually a lot less appealing, not to mention the possible food safety issues depending on what it is (“leftover sushi from this morning in the kitchen!”) Just eat the damn stuff while it’s still good. If you genuinely care about people who might miss out because they can’t be there, rather than just participating in a meaningless social ritual, then figure out who they are, decide on an appropriate quantity of food, and physically set it aside for them in some way. Operational manners over performative ones!

    10. Elizabeth West*

      Same–if there are any other people in the room, I will assuage the guilt by asking if anyone wanted it. If I get a no or a noncommittal response, IT IS MINE.

    11. Arielle*

      I must work with a bunch of greedy jerks because I have never noticed this issue in my office! On the contrary, people will send triumphant messages to the ‘food available’ Slack channel to say they got the last piece of something.

    12. TootsNYC*

      I sometimes consider it to be a service to the office, taking the last cookie, because now the box can be tossed or the palte washed.

      I also often go first in the buffet line as a public service.

      1. Paulina*

        Yes! I also provide these services.

        Taking the last piece (often half piece) in our office is further justified by the usual place for treats being the counter in the main office, so once it’s down to the last half, it’s just in the way. The provider isn’t going to want to take half a piece home, just finish it so they can take their dish back.

  4. SusanIvanova*

    #4 My entire previous team was laid off at the same time, and most of us have a big gap afterwards because we took advantage of the nice severance package to do things ranging from “take that trip I always wanted” to “hold out for a really awesome job.”

    1. Auntie Social*

      But on the last day, did you take turns throwing each other out and calling the police?? ;-)

      1. voluptuousfire*

        I just pictured people tossing others out on their ear and those tossed out get up and dust themselves off and go back in and the other person gets tossed out on their ear.


  5. Liza*

    OP #2: I couldn’t tell from your letter, is it possible that your former co-worker’s account has stayed logged in without any action from the former co-worker? Or that there’s an automated process that runs using that co-worker’s account? I’ve seen that happen before. Or maybe your former co-worker really is logging in regularly.

    1. Magenta Sky*

      He may also have a piece of software installed (that possibly he doesn’t even use any more) on a personal laptop that’s connecting automatically.

      Regardless, it’s big ammunition for a policy change in which you (and anybody else responsible for deactivating accounts anywhere on the network) get notified when someone’s status changes. Perhaps subtly suggest that the school really doesn’t want to be famous on the internet.)

      (And if he’s doing it on purpose, he *should* get in trouble. People sometimes go to prison for that sort of thing. In this case, there’s no damage done _that you know of_, but the potential is there, even accidentally.)

      1. MK*

        Frankly, I don’t see how he might get into trouble. He doesn’t work there anymore, so they can’t discipline him, he left in bad terms so the reference is probably useless anyway, he doesn’t seem to have caused them any damage, so they won’t sue him; what could the company do to him? Unless this violates some criminal law (very unlikely), he won’t have any repercussions.

        1. Magenta Sky*

          Unauthorized access, regardless of motive, technically speaking, is a federal crime (assuming they’re in the US, but most other countries as well). Without any known harm – so far – it’s unlikely to be prosecuted unless the school pushes hard and has some friends in high places, but they may push hard and have friends in high places. That’s a decision that will (and should) get made much higher up in the food chain than the letter writer.

          At this point, there’s no way to know exactly what’s happening. If it’s inadvertent, some program connecting automatically, it’s not worth getting worked up over. You disable the account like should have happened long ago, and update policies and procedures.

          But if he’s doing it on purpose, the question becomes why. And it’s a question that really needs to be answered. Maybe he’s just checking to see if they have disabled the account, because he gets his jollies at how clueless they are. Or maybe he’s been blackmailing someone at the school all this time, and logs in every day to reset a timer on a logic bomb. Or anything in between. Until the question is asked and answered, there’s no way to know. But regardless of he’s doing it, no matter how innocuous he feels his motives are, he really needs to get read the riot act about deliberately accessing a system – with administrative privileges – that he no longer has legal access to. For his own good. I certainly wouldn’t hire someone I knew had done that at a previous job.

        2. Samwise*

          If he did it on purpose and it’s not some sort of automated software logging him in, it’s the sort of info that should be shared with his current employer, because it speaks to his integrity (or lack of it) and to his willingness to go out of his way to violate a federal law that he cannot possibly plead ignorance of.

          I don’t know if that’s something OP’s employer can do, but sure wish they could and would.

        3. Observer*

          If someone tells his current employer, that is one issue. Secondly, there is a difference between a poor reference and being told by someone that he did this particular bad action. So, for instance, if someone calls the former manager and hears “He’s hard to get along with” decent employers will dig further, and probably ask other people about this. If, on the other hand they hear “He illegally accessed our system after he left.” a good employer is going to take that very seriously. (If he was actually deliberately accessing the system, it almost certainly was illegal, in the US)

      2. netnrrd*

        Re Question 2: I’m a long-time IT professional with experience in infosec, and I’d say bring it up to the manager, note what you’ve been seeing, and ask if there are automated processes that might be using those credentials. Worst case scenario, you’ve found someone doing something nefarious. Best case scenario, you’ve found a piece of automation/report software that needs to be updated. Also, you might want to mention that having people’s account credentials cancelled should be a part of the exit process for a user.

    2. OP#2*

      Good thought on the automated processes! I can see when and where the log ins are happening, and they are definitely separate events though. We can use a system username and password or single sign on to log into the system. About a week before he left, he changed his username password, and around the time he left, he went from exclusively using SSO to using only the username login. IP addresses correlate to his home and other known locations.

      1. Jess*

        I was going to suggest it might be a case of him having left his login with a coworker (“oh you only need to check this thing in the database once in a while, it’s not worth setting up your account, just use mine” which would be a while DIFFERENT security issue, but if you can tell the logins are coming from here he is, that’s definitely dodgy!

        1. TooTiredToThink*

          Same. I seriously wondered if he had given his logins to another employee (which is bad in and of itself) but if the IP addresses match his home; yeah, no that’s not good.

      2. M*

        Could be a rarely-used personal device that’s auto-logging in when it’s turned on/opened/etc, though? Either way, I think Alison’s advice is probably right – it’s possible it’s happening inadvertently, but that’s still a security issue your manager needs to know about now. If investigating it clears him of deliberately accessing the system, great! But if it *doesn’t*, it’s going to raise all kinds of questions about your own behaviour when you report that after sitting on the initial problem for the time it took you to find that out.

        1. Kimmybear*

          I’ve seen the auto-process, auto-login from personal device, and password hand off all happen before and all are security issues in their own ways. I might present this to your boss as any one of these non-nefarious possibilities could be true (in addition to he’s just curious to see what’s going on since he left) and that you need to start a more formal employee departure process.

          1. Samwise*

            “he’s just curious to see what’s going on” — the thing is, the law is very clear on this, and “I’m just curious” is a bad reason to break this particular law:

            “Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):

            School officials with legitimate educational interest;
            Other schools to which a student is transferring;
            Specified officials for audit or evaluation purposes;
            Appropriate parties in connection with financial aid to a student;
            Organizations conducting certain studies for or on behalf of the school;
            Accrediting organizations;
            To comply with a judicial order or lawfully issued subpoena;
            Appropriate officials in cases of health and safety emergencies; and
            State and local authorities, within a juvenile justice system, pursuant to specific State law.

            Your former co-worker does not meet any of these conditions. None. Zero. It’s truly appalling.

            1. JSPA*

              You’re assuming he’s looking at educational records, rather than (say) traffic levels. Or checking his own old departmental email to see if it’s still active, and if so, whether anything important is still going there. (Assuming he’s looking at anything at all, intentionally.)

          2. Observer*

            Except that given what the OP describes, the automated systems are a lot less likely than him logging in deliberately.

            And curiosity is not innocuous either – there are a lot of privacy implications here that he should know about. It’s not for nothing that the OP was worried about trashing his reputation.

        2. SpaceySteph*

          Semi-related, but when I first had work email on my cell phone I kept getting locked out of my account one day and couldn’t figure out how. I had to call the help desk three different times before someone finally thought to ask if I had email on my phone.
          Turns out I had recently changed the password and my phone kept unsuccessfully refreshing the inbox because it had the wrong password. Enough tries with a wrong password and you get locked out.

          So yeah, it IS possible that he has some automated thing logging on without really thinking about it. And even if that’s not whats going on here, I think presenting it as someone potentially harmless but still needing to be fixed is the maximum courtesy you extend for this friend who may in fact be up to no good.

      3. Seeking Second Childhood*

        It’s definitely questionable unless there’s a way to login on bootup of a device. I mention this because I was startled to learn our PCs log us into MSOutlook on startup offsite, without going into the VPN. I found this the hard way when I’d brought the laptop home & started it up _in case_ there was a Monday morning crisis on the thing I’d delivered Friday before my 3-day weekend. (There wasn’t, and I took the opportunity to double-check that I had an out-of-office message LOL.)

      4. Samwise*

        Yep, then he’s a weasel. He’s doing it on purpose and doing it a lot. Alert your boss NOW.

        1. Psyche*

          It could be that he is curious about when they are actually going to turn off his access. If he left because he is disgruntled he might enjoy seeing evidence of the ongoing dysfunction. Not great, but not nefarious and probably a result of not thinking though the implications.

          Regardless, it should be reported. It isn’t throwing him under the bus, it is just stating the facts.

          1. Samwise*

            It doesn’t matter if he’s just curious — looking due to curiosity is itself a violation of FERPA and that’s made very clear at every institution of higher ed I’ve worked at.

            1. tangerineRose*

              Yeah, he should know better than to try logging in after he’s left the job.

            2. Lalaroo*

              I’m not sure if this is accurate.

              First, the OP didn’t mention what type of database the former employee is logging into. I worked in HR in higher ed and we had different databases for different things, some of which included only employees and no FERPA-restricted info. It could be that he’s not logging into a database with education records.

              Second, every database I’ve ever worked with has a landing page and doesn’t just open up on a list of records. If he’s logging in, seeing that the account still has access, and then logging out before looking up any records, I’m not sure how that would be a FERPA violation any more than someone authorized being in the same room as the principal’s filing cabinet would be.

              However, the CFAA would almost certainly cover his actions, so they’re still likely illegal.

            3. Psyche*

              I don’t disagree with you. Regardless of his reason he is still 100% wrong. I was just pointing out that he may not have really thought through his actions, especially if he isn’t actually accessing any student files.

              1. Psyche*

                It was mainly addressing how it may not be that the OP misjudged his character, but rather that he did something stupid (and wrong). It doesn’t forgive the action but may be a less jarring way of looking at the situation.

      5. Brett*

        Speaking of security issues…
        Why can he long in to a database from his home?
        His home IP should not be whitelisted, he does not have a whitelisted device, and he would no longer have access to a VPN.
        Make sure to entertain the possibility that this is not him but someone else who has compromised his home network, making this a much larger and much more serious security breach.

        1. Admin of Sys*

          eh – I mean, yes, Brett, you are entirely correct, but universities are notorious for not requiring vpn access to systems that should require vpn access. If there’s sufficient pushback from the db owners that their grad students should be able to log in from offsite to enter data and can’t be bothered to connect to vpn, then sometimes IT departments surrender the point.
          There could be an automated connection happening from his home machine, but even if that’s really unlikely, it may be worth it to frame it this way because it keeps from having to accuse him of nefarious activity.
          OP2 – I’d just present it as a security concern without ascribing specific actions – “Something is logging in to the database using former coworkers credentials from their home ip and other locations. This should not be happening, and we should therefore definitely consider turning off his access, disabling his account, getting it security involved, fixing the process that allows folks who left still have access to things, any/all of the above and also vpn / firewall. ”
          But if you have an IT security team, I’d get them involved as soon as you tell your manager – if your manager / your IT security team wants to consider that illegal access has deliberately happened then they’re going to have to involve a lot more people than your team; and counsel / IT forensics are going to want a very specific set of logs and such. (speaking of which, if any of this happened long enough ago that you might be running into log retention issues, I’d make sure you keep any logs that might have data on the connection)

          1. Brett*

            I think I had the advantage of having a grad advisor who worked with industry regularly. She would have been the one pushing back on us for wanting offsite access without a VPN.
            Especially after the dark web story that the OP provided in the comments, they will really have to approach this with the assumption that someone could be maliciously posing as ex-employee and using those stale credentials to lay groundwork for a larger attack.

      6. highereddataperson*

        I also work in higher ed. We have a simple process for when anyone leaves their job: HR emails a specific list of people who need to know. This list definitely includes IT, who de-activates their accounts immediately after their last day. It’s not hard to implement, and obviously you already understand why it’s important so I won’t explain that part.

      7. Weyrwoman*

        Regardless of anything else – why in the nine hells wasn’t this person’s password changed when they left?!? I work in cybersec and the password being left alone gives me the heebiejeebies because it runs so against any security policy defaults.

        1. OP#2*

          I do most of the account management, and my manager forgot to deactivate it when I was on leave. Not great, I know, but he was swamped with me out of the office. It slipped through the cracks.

          1. Sally*

            It sounds like your office is understaffed! Even if the main person responsible for this task is on leave, there should be a policy that is followed by the person taking over that responsibility while you’re out. Aaaaaaaargh! Sorry, I’m pretty sure I’m preaching to the choir.

      8. ArtK*

        Doesn’t matter. Report it *now*. Whether it’s accidental or deliberate it’s a security breach. The account should have been disabled the minute he walked out the door, or at least the passwords changed if there was access that someone remaining would need. This is IT security 101 and your company really fell down on the job.

    3. AKchic*

      I’m going to assume that he is still logging in, on purpose, to see just how long it’s taking the employer to actually take his access away, as if proving his point that they have flaws in the system. For all we know, he could be passively data-gathering to show the company just how flawed the system is; i.e.. “look, I left here 5 months ago, and I have logged in 1x a week every week since then just to prove I *could*. How many people have been terminated since I left? How many of them still have access to their systems and private company/client information and could have done serious damage with that information? For $XXXXXX contract, I can streamline the system and eliminate this data security risk!”

      This is not a matter of covering for the former employee. This is a matter of ensuring the company actually closes these security breachES. Yes, multiple. Every time the former employee logs in, it’s a breach. Which means that if that former employee can, others who are still allowed access could do the same, and should be considered as doing so until proven otherwise, which means more breaches and risks. That’s not a good look for this company. It needs to be fixed ASAP.

    4. JSPA*

      Came here to say same. Could be a process coworker automated, that logs in “as him,” so that it can carry out a completely appropriate process. In fact, if he was having to get creative with work-arounds to to his job, this rises to the level of likelihood.

      Could be a laptop that’s now assigned to someone else, and a headache for them.

      You can present it as, “we have no way to tell what sort of process, application or device is logging in under people’s names. We have no central register of such processes. We have no policy for deactivating accounts, which makes it tempting for people to use their login for legitimate legacy processes, but also a huge security risk if someone’s working in bad faith.”

  6. nnn*

    I’m curious whether #3 eats the last cookie themselves.

    I feel like if they do, it wouldn’t be languishing on the plate and getting thrown out.

    But if they don’t, they wouldn’t need to write to an advice columnist about it, because they would simply apply their own reasoning to the others in the office.

    1. Magenta Sky*

      I don’t understand why people won’t eat the last donut, because I *do*, without a second thought.

      The odd thing is, the half and quarter donuts start appearing well before the box is down to the last one. The average box of donuts gets cut into several times as many pieces as there are employees in the office, so people are going back for seconds and thirds – of tiny little pieces of donut because “I’m trying to lose weight.”

      This is why I work with computers. They make far more sense than people.

      1. Kuododi*

        I’m with you… I have no problem eating the last cookie, slice of pizza etc. In my mother’s eyes…that behavior has always been mortifying. ;)

        My sister and I were raised with the “cut it in half and leave the last piece to turn to brick-like consistency” mindset. After all, a piece cut off from the treat, loses all calories, dietary fat and excess sugar…. didn’t you know? (Personally I think it all “leaks” out of the torn side of the food item!!!). It’s the same mindset which says food sampled from another person’s plate doesn’t count in terms of fat, calories, excess sugar etc. Best regards.

      2. Guilty of Donut Cutting*

        In my experience the “cutting them in half before it’s the last one” thing happens mostly when it’s a tray of different types of donuts. I think to some people it’s the exact same thought process, except instead of “I don’t want to take the last donut in case somebody else wants one” it’s “I don’t want to take the only chocolate dipped donut in case somebody else only wants chocolate dipped donuts specifically”.

          1. Lily Rowan*

            Or even: I want to try multiple flavors! I don’t take a half donut because I’m trying to lose weight, but I do take half a donut! And then a quarter of something else, maybe.

            1. Lucette Kensack*

              I just learned about a gourmet donut shop near me that does flights of miniature donuts. Yessssss.

        1. Psyche*

          It could also be someone who only wants one donut, but wants to sample several different types.

    2. Overeducated*

      Unless their reasoning is “no one else does it, so I don’t want to break a clear social norm, but what IS this norm? Do the others know something I don’t?”

      1. Falling Diphthong*

        I think this is it. They are picking up on a social norm, like facing forward in the elevator.

  7. Maria Lopez*

    2. “He left on not-great terms because he wasn’t being given the resources he needed to do his job effectively and wasn’t willing to deal in the politics/play the waiting game until he could get them. I enjoyed working with him and understand why he chose to leave when he did. ”
    Now you REALLY understand why he left. You should probably find other work, too, since it doesn’t seem like the higher ups care about running a tight ship. And as always, document, document, document, since when or if the feces hits the fan those in charge will deny they ever knew anything was amiss.

    1. Lynn Whitehat*

      I work in network security. If I had a nickel for every organization I saw who “doesn’t care about running a tight ship”, I could retire right now. No one takes this stuff seriously until they get breached. And I mean NO ONE.

      I was a victim of the OPM hack—everything in my security clearance application, stolen by Chinese hackers. The OPM knew their systems weren’t secure and didn’t care.

      1. NamelessForTheNonce*

        The place where I currently work assigns everyone a password. The owner keeps them in plain text in an Excel spreadsheet. His passwords are on a stickynote on his computer monitor.

        I am not making any of this up.

        The former employee absolutely should not be doing this, but it’s completely unconscionable that his access has not been revoked literally months after he left – especially if it wasn’t an amicable parting. That’s just sloppy

        1. ExceptionToTheRule*

          I’ve had network people tell me that a sticky note is actually one of the safer methods for storing passwords because it requires physical access. I’m not endorsing that method. Personally I use a password manager.

          1. Elizabeth West*

            Sticky note locked in a drawer (in case I forgot) was my go-to for a while.

          2. That Girl From Quinn's House*

            I have an index card file at home. If you’re in my house, at my desk, we have much bigger problems than the integrity of my Costco online account.

          3. SusanIvanova*

            I was sitting here boggled for a bit, and then I noticed: “network people”. Run that past some security people, I’m sure you’ll get a different answer.

          4. Michaela Westen*

            I don’t trust anything electronic with my passwords.
            I use a typed list *in code* so a random person wouldn’t be able to tell.

          5. Observer*

            At home that’s one thing. At work, the idea that no one else will have access to your desk is kind of silly. Even without a formal desk sharing arrangement, lots of people could have access to your desk, some legitimately and some not so legitimately.

    2. Berlina*

      I work in a IT related job and sometimes it happens that a new colleague just takes over somebody else’s account (usually their predecessor) without bothering or having the rights to set up their own account. Drives me bonkers, but even our programmers do it now and then when something has to be fixed quickly and they didn’t yet have their own account at that point. So make sure that this is not the case.

      I always eat the last cookie. Or two, or three. :D

      1. Berlina*

        Forgot to mention: we store all passwords in a database that can (only) be accessed from inside our office. This is how programmers who are in a hurry sometimes pick someone else’s account… and then never bother to create their own.

  8. Doctor Schmoctor*

    #4 This recruiter is a sexist asshole. There’s nothing weird about having a baby.

    1. Akcipitrokulo*


      There is literally nothing to explain other than “I had a baby”.

  9. Yep, that's about right*

    #3. I think a good portion of the time the last little bit is left because that last person didn’t want to have to wash the plate/throw out the box, etc.!

    1. nonee*

      +1. No one in my office is shy about taking all the food, it’s the uncertainty over what to do with the platter once you’ve done it!

      1. SusanIvanova*

        I brought in some cheesecake. Set it out on the metal bottom of the springform pan. There was one piece left when I went to the kitchen; came back half an hour later to no cheesecake and no springform pan base. Wasn’t in the recycling (I could possibly see someone thinking it was just a cheap aluminum tray), wasn’t in the dishwasher – I think someone just tossed it in the regular trash and that had already been taken out.

        1. nonee*

          I’m sad about your springform pan! So hard to find good ones.

          In my office only the PAs seem to know where serving platters etc come from/go back to. They don’t live in our kitchen so I really get the confusion.

    2. Ev*

      This is definitely the reason I don’t take the last one. I can’t claim to be overly polite – I’m just very lazy!

    3. a*

      One of my coworkers stated that he wanted the piece of whatever was left, but he didn’t want to have to clean up. I rolled my eyes – half the people here just leave the empty, dirty dish in the sink.

  10. Phil*

    In my house when I was a kid, the person who took the last of something would be accused of eating/drinking ALL of the thing.

    1. SG*

      This! As a kid, I also ran the risk of being told that I was greedy or spoilt for finishing the last of anything, especially if it was something I was known to like. It was a long time before I shook off that mentality — even now, I still have to fight against my inclination to let milk go bad or cookies go stale and then throw them away (see, I’m not greedy!) rather than finish the last of anything.

      1. Grace*

        In my house, it was more “make sure you check with everyone else in the house before you take the last of something, unless it’s explicitly yours or there are more unopened”. I’m an only, so it consisted of checking with my parents and then asking any guests we had over if they wanted the last biscuit or whatever. (I’ll admit, I get a bit of a visceral reaction when someone takes the last of something communal without asking if anyone else wants it. I’m far too British to say that *I* want it, if they ask, but you have to offer. It’s *polite*.)

        But I think that’s a reasonable expectation to set for a kid – particularly when you’re putting a lot of effort into proving the “selfish only child” stereotype wrong, as my parents were – but what your parents said? Nah. Not reasonable. It’s on a par with “You have to eat everything on your plate” when it comes to teaching children to override their hunger cues and giving them a disordered relationship with food.

  11. cncx*

    RE OP2, i work in IT and i’ve seen old accounts stay active when, for example, third party accounts were authorized with that one. I’m not saying it’s right or good business practice, but could it be possible it’s an existing user, or the former user’s replacement using the former user’s login for another service?
    one example i have is that a company i knew of was good about activating and deactivating user accounts but the accounting department was horrible about activating SAP access so new users would use their replacement’s SAP until theirs got activated, sometimes like six months later- i really hope an auditor caught that one day. all i’m saying is, could this be an option?

    1. FormerAcademic*

      This sounds really likely! I wonder if they log into computers with their accounts, it could be that too.

    2. OP#2*

      Based on the IP addresses, the person hasn’t been logging in from a campus. I’d be less concerned if that were the case!

      1. Samwise*

        Doesn’t matter: it should be reported even if it IS being logged into from campus, unless one knows *for sure* that this is the situation. Being accessed from campus does not = has a legitimate reason to access it.

        1. Antilles*

          It still would be worthy of looking into, sure.
          But it would be a lot less concerning because there are plenty of common reasons for someone else to still log in and check his account on occasion – checking files on his network folder, searching his email archive for information on dormant projects, etc. Whereas I can’t think of a single good reason why an ex-employee would need to access his own stuff on there – *even if* there were files on there he had legitimate reason to need (e.g., a copy of formal certification or something), he still shouldn’t be logging on himself rather than going through HR or his former manager or whatever.

    3. Fake Old Converse Shoes (not in the US)*

      Oh, yeah, the good ol’ recycled accounts. I worked for some big fish whose ancient codebase was running on a primitive version control system and the IT department couldn’t/refused to create new accounts. Imagine what happened when someone messed up.

    4. Shad*

      Even if there’s some quasi-legitimate reason like that, it still seems like it’s something that needs to get flagged for the higher ups and have a consistent policy attached so that people know what’s going on and to distinguish that intentional access from the old user accessing the system.

  12. Cary*

    Having a baby and taking time off to be with this amazing new creature is normal. Taking time to grow into your new role and world as a mother is normal. Meeting sexist jerks and telling him where to stick it is also normal.

    1. Seeking Second Childhood*

      The $60,000 question though… is the recruiter saying this because he is a sexist jerk, or because he knows of an appropriate where the hiring manager is a sexist jerk?
      That’s a trick question…if it’s the hi r ing manager, the recruiter is at least aiding & abetting, as well as leaving off key info for his client.

      1. Canadian Public Servant*

        If the concern was sexism about parental leave, recruiter could encourage vagueness about the reason for the leave (“dealing with a family matter,” “decided to take some extra time off”), but outright lying? That’s all kinds of bad judgement and bad advice, that could backfire spectacularly, as many have noted.

        1. Seeking Second Childhood*

          Oh I’m not saying to DO the lying.
          I’m trying to figure out why the RECRUITER is suggesting it.
          The key info for client would be the slight chance that the hiring manager is a sexist jerk and recruiter knows it. As the client I’d expect a recruiter to warn me of attitudes like that so I could make an informed decision.

          1. Autumnheart*

            I was thinking, I wouldn’t want to work anywhere that wants you to hide that you had a baby. If they expect that of parents, what other BS would they put employees through? Can’t take PTO, have to come to work sick or be thought of as a slacker? No thanks.

        2. That Girl From Quinn's House*

          Yes, or the recruiter who’s concerned about sexism could say that.

          “For the role of Llama Landing Gear Specialist at AeroPorridge, the HR department is sexist so you don’t want to mention the baby until you’ve returned your offer.”

      2. President Porpoise*

        Does it matter? As a new mom, would you want to work for someone with the viewpoint that women who take time off to care for their new babies are lesser?

    2. Anastasia Beaverhousen*

      And *lying on your resume* is not normal! (Well, I suppose lots of people embellish a bit, but not outright inventing positions!)

      If the positions you’re applying for do even the most cursory of resume verification, this recruiter’s advice would be shooting yourself in the foot.

      1. tangerineRose*

        If I lied on my resume and got hired, I’d always be worried that the boss would find out.

  13. Common Welsh Green*

    Growing up, everyone knew that whoever takes the last cookie ends up an old maid. Also the last brownie, cupcake, or slice of pie. Oddly, I’ve never heard of any lowered matrimonial prospects for anyone scarfing the last of the brussel sprouts.

    1. Heidi*

      Hmm. This sounds like something married people cooked up so they could get the last cookie.

    2. Seeking Second Childhood*

      >the last of the brussel sprouts
      Come to my MIL’s for dinner some fall… she grows them herself so they stay on the stalk until after frost and then cooks them with bacon. ZOMG…the only time they’re worth it.

      1. Red Reader the Adulting Fairy*

        I have an adamantly carnivorous housemate. Bet him five dollars once that I could get him to not only eat Brussels sprouts, but ask for seconds. He took the bet. I got out a pound of bacon and a wedge of parmesan cheese. I won the bet. (He still accuses me of cheating.)

        1. Psyche*

          I’ve started putting Brussel sprouts under a whole chicken while roasting. It is the only way my husband will eat them.

          1. green*

            I can’t stop laughing at my desk imagining Alison leaving behind an angry italicized note “Deleted a long off-topic thread about Brussels sprouts.” XD

            Love this site so much! <3

    3. boop the first*

      And here I am, daydreaming about my tiny household dwindling further down until I’m the Old Maid, and then I can finally get some sleep!

    4. Decima Dewey*

      My personal email address has “spinster” in it, so I’m not worried about becoming an old maid. That ship has sailed long ago.

  14. FormerAcademic*

    I left a job at a university over two years ago, and when I signed up to take a class online there recently, they STILL haven’t deleted my account. Email and all. Still there.

    So this is not at all surprising to me, and I wouldn’t be surprised if this isn’t unusual for your school. I would just bring it up practically… There’s no reason to assume anything nefarious, and well, it’s not like he hacked in or something. Unless you work with particularly sensitive data, I doubt it’ll be a big deal. I know my department wouldn’t have cared… And apparently doesn’t haha.

    And assuming your friend isn’t doing anything shady, giving a heads up wouldn’t be an issue.

    1. FormerAcademic*

      I meant a heads up to your boss! I agree not to tell your friend, as said, if he isn’t doing anything wrong, it shouldn’t matter.

      1. Observer*

        By definition, if he is accessing the system, he is doing something wrong. If he has access to student data, he’s doing something illegal.

    2. AcademiaNut*

      However, figuring out if it’s shady or a side effect of an old process/account isn’t really the OPs call to make – that’s something IT would need to investigate – so Alison’s advice still stands. Let the appropriate people know what you’ve found, let them investigate it and figure out what to do.

      1. FormerAcademic*

        That’s what I meant! I added a clarification. I meant letting the boss know shouldn’t affect his friend.

    3. Samwise*

      Again, doesn’t matter if he hasn’t done anything nefarious. The act of accessing student records in and of itself is a violation of the law.

      It *is* sensitive data: it’s student records.

    4. dealing with dragons*

      they might have de-activated it and then reactivated it. My university had a policy to retain basic account information forever (so like account name, owner name, basic metadata) and then delete things like coursework associated to an account after four years regardless.

      the student accounts and worker accounts were on the same system (I know cause I was both) so the policies were the same.

  15. Jen S. 2.0*

    Re #5, so many times people think it’s mean to say no, or to decline a kind offer. No, it’s far meaner to string someone along. It’s kind to provide an answer so they can move on and find the person they need, and it’s kind not to waste their time making them guess whether your polite noises mean you aren’t really interested.

    It’s not rude to say no, it’s just rude to say no rudely. It’s also very passive-aggressive to be vague and do as little as possible and hope they figure out what it means and go away. I’d far rather have a fast polite no than a long rude one.

    1. Traffic_Spiral*

      Agreed. If you just tell him then he can make other plans. If you keep stringing him along you’re just wasting his time.

    2. Triplestep*

      Agreed. It’s probably better to not even say “I’ve decided to stay here for now“. Just end your sentence before “for now.” No need to say anything harsh in its place; just remove it. Otherwise you’re still stringing him along in a way.

      Also, I wouldn’t feel miffed that he didn’t ask you initially. It’s very common for people to wait to see if new businesses take off before asking people to join, and in your case it sounds like you had a job already. It’s possible he didn’t want to ask you to leave your sure thing for his unproven thing.

    3. Lynn Whitehat*

      I sometimes recruit people for volunteer work. The stringer-alongers are the worst. It takes so much time and organization to keep track of all the people who said “ask me again in 3 months”, “I need to check with my husband”, etc. And then it turns out that they never wanted to do it, and are mad at me for “not taking a hint”! Saying you’ve never been much of a joiner is a hint. Saying you’re settling your mother’s estate but check back in six months means check back in six months.

      I really believe we could make the KKK and other bad organizations collapse under their own weight. Just have a bunch of people act like they’re considering joining but never actually commit. Make the Klan near the administrative burden of chasing after these wishy-washy types.

  16. Not A Manager*

    When I was a kid, I’d get in trouble if I ate the last of something, or used it in cooking.

      1. Guilty of Donut Cutting*

        In my house it was always if you ate/drank the last of some things before the new stuff was bought. So like if I drank the last of the milk before grocery day when the new carton was bought. Still doesn’t make sense because that period of time where there was one serving left, we were effectively “out”, even though we were never completely without milk. My grandmother’s reasoning was that you never wanted to be caught completely without milk in case a guest stopped by unannounced and required milk for their tea. Definitely still silly, but at least there was no food waste because as soon as the new carton was purchased, the old one would be finished off.

    1. Tobias Funke*

      Same! And I grew up both fat and food insecure, which meant I constantly got blamed as a child for my family not having enough food. The chances I will, as an adult, take the last of something are zero.

    2. The Redshirt*

      Yup. I was also the kid who got in trouble for consuming the last of something. The reasons for displeasure had a few variations.
      1) Basically, denying others the opportunity to consume the food or beverage item was rude. If I drank the last of the milk, then no one else could drink milk when they needed it. Money was also tight, so if the milk was consumed then there wouldn’t be anymore for the family until payday.
      2) Consuming the last of something is greedy. Greedy = bad.
      3) In my adult life, I usually won’t eat the last cookie or whatnot because I’m not sure what to do with the plate/container.

    3. Allison*

      I wouldn’t get in trouble with my mom and dad, but my sister would sometimes get mad if someone (I’m assuming someone other than her) finished something off. Whereas I believe that food is meant to be eaten, if it’s there and I want some, and everyone else has had a reasonable chance to get in on it, I’m going to eat it. If I’m at a party, I might ask “hey, did everyone get some pizza? Is it cool if I take the last slice?” but that’s about it.

      I’m not against food etiquette by any means, far from it! I think it’s important to be considerate in taking your first portion, waiting to make sure everyone has been served before taking seconds, replacing something in the kitchen before or right after you finish it off, etc., but the idea that it’s always rude to take the last piece is just silly. Either save it for someone specific, or let someone eat it; letting it sit there to get stale and then toss it hours later is bonkers. I’m partial to the “you kill it, you fill it” rule from camp, which discourages finishing something but doesn’t demonize it.

  17. CM*

    #2 — Your coworker might be in the right about why he left, but it’s super weird of him to keep logging in after he’s gone (if that’s what’s happening). There’s basically never a legit reason to do that, especially not multiple times. I wouldn’t feel bad about telling your boss about this and using it as an example of why you want better procedures to get rid of people’s logins when they leave.

    If you’re worried about making things weird with him, my advice is to not mention it to him at all unless he brings it up. Like, if his login gets discontinued finally and he wants to know why — which would be super shady — just say they finally let you clear some of the old logins and act like you don’t know why that would bother him. Let him be the one to make it weird, if he’s going to.

    1. only acting normal*

      It might be something like getting access to library services – individuals can rarely afford all the paid services, journals etc that a college or university (or research organisation) has, and you get very used to having them at your fingertips. That would be very tempting to me.

      1. That Girl From Quinn's House*

        I got free software on my university’s site license for a good ten years after graduation.

    2. Incantanto*

      Sometimes when you just left its hard to resist the temptation to see if theres anything emailed through still. My old job hasn’t removed my email address after 3 months, which I recently discovered when an old laptop logged me in.

      I did use it to get a couple of payslips I’d missed forwarding before I left, and am now massively having to resist the temptation to look to see whats going on with them.

    3. OP#2*

      Thanks for saying this. One of the things I was having a difficult time reconciling was that he could be right about the way he was treated and also be acting in a shady manner.

      I think I was nervous to tell my boss because I wasn’t sure how to say it without it coming across as a critique of him. He jokes about how I’m always finding the problems and every time I come to see him it’s because there’s an issue or he did something wrong. Plus, we both liked working with this guy and had a good opinion of him, and I hated to be the one who trounced all over it. (Also, I was feeling a bit embarrassed that I’d so misjudged his character.)

    4. Patricia*

      I will admit to poking around a few places that my brand-new coworkers still had access to do a little competitive analysis. Nothing a low-level employee wouldn’t be able to see, more as an efficient alternative to “Well at [other larger teapot company], we organized orders by…”

      But there’s a difference between that and repeated log-ins.

      It sounds like OP had enough evidence to rule this out, but the first thing I thought was that it might not be the coworker, it could be someone else using his access to poke around without attaching their name to the activity. We had an issue with this at my last company – someone reset the password on a departed employee’s account and was using their relatively high-level access to snoop around.

    5. tangerineRose*

      ” if his login gets discontinued finally and he wants to know why ” ask him how he knows that.

  18. MommyMD*

    I would just bring up the ex employee log on very matter of factly to my boss as in I just noticed this. Not assuming any I’ll intent.

  19. OP#2*

    Thanks, Alison, for taking my question!

    I spoke to my manager the next morning, and as chance would have it, he was having lunch with the former employee that day and said he was going to bring it up. The former employee claimed that he’d gotten an alert that his information has appeared on the dark web and that someone there must be using it to sign in. I mean… Maybe? But Occam’s Razor tells me it’s more likely to be him and not someone else spoofing his home IP address and the one of locations he’s recently travelled to. (There were at least three different ones, one correlating to his home and two others that matched locations my manager told me unprompted thr coworker had visited.) As far as I can tell, he hasn’t exported any information. My best guess is that he was signing in to pull reports and see the efficacy of some of the initiatives he introduced.

    This has, of course, colored my opinion of him, and I don’t plan to keep in touch moving forward.

    In our initial meeting, my manager didn’t think the coworker had done anything, but we had a long talk about what we could feasibly implement, given our lack of access to employee records. I already deactivated over 100 user accounts that haven’t been signed in to in 6 months, and we’ve reached out to some other systems owners in similar situations to learn about their processes. I’m pushing hard for us to limit the IP signin locations to only our network, but that does have some implications for mobile users so we’re still exploring that.

    Hopefully I can get us an established system so that our student records are more secure!

    1. Akcipitrokulo*

      Ah, replied before I saw this – glad it’s being addressed but your manager seems disturbinglu laisee-faire about the whole thing that doesn’t inspire confidence.

      Is there any reason accounts aren’t routinely deactivated when someone leaves?

      1. OP#2*

        Our office isn’t in central IT, and we don’t have access to know when an employee has been deactivated by them. We’ve been relying on managers to let us know when employees leave as a result, but I’ve been saying since the beginning that it wasn’t a tenable solution. I’m hoping my IP blocking/VPN requirement will be accepted because you need an active university account to access it, and central IT controls those.

        1. Akcipitrokulo*

          That can be frustrating… can you report to central IT? ‘Cause they really should be on top of it.

        2. Slartibartfast*

          Would it be possible to do a forced password update on a set schedule (like every 90 days) and require the user to be on a network device to set the new password?

          1. Anastasia Beaverhousen*

            While that could work, it’s also terribly annoying for the regular users – and while some security experts *love* the set-schedule password change, others think it causes more security problems because people end up writing the passwords down, because they can’t remember.

            Any chance you could get HR (or whatever central authority would know when employees leave) to tell you? Perhaps like a monthly list they could send you?

            1. Shad*

              Or they just keep the same password plus an identifier based on the reset! It’s really not likely to do much except as a means to indirectly deactivate the accounts of former employees.

          2. Overeducated*

            Whoa. My work requires password resets for multiple systems every 8 weeks or so, and I find it absolutely maddening because for some systems I use more rarely it’s a new password almost every time I log in…it’s only just occurred to me this could be for security against me, not security for me.

            1. Samwise*

              We have two-factor authentication at my institution; your login can be remembered for only two weeks on any device so we are always having to re-authenticate. It;s a PITA but completely appropriate.

              1. Yorick*

                My part-time job recently started two-factor authentication, and I find it so annoying.

                1. Observer*

                  You’d find a breach FAR more “annoying” (or worse).

                  2FA can be annoying, but it doesn’t cause the same kinds of security risks that forced resets cause. Nor does it generally cause the same kinds of practical problems that the forced resets can cause.

              2. Overeducated*

                We also have two-factor identification but the same authentication doesn’t extend to all online systems. (I’m particularly annoyed with the ones where it is supposed to, but I can never get it to work and don’t have 3 days to wait for a help desk ticket when I need to log in, so I have to keep a separate username and password.) I don’t mind the two-factor identification so much because it only requires changes every 5 years; I do mind all of the system-specific stuff. Perhaps obviously, I’m not in IT.

        3. Judy (since 2010)*

          You said they had a choice of signing on with a specific username and password for the system or SSO. Can you force everyone to use SSO, I’m assuming central IT controls access to that?

    2. Feline*

      IP sign in being limited to within the network isn’t unusual. We limit it that way, and mobile users must access through VPN. Those users are considered within the network, and forcing mobile users to use VPN helps with security when they log on from open hotspots which may not have the best hygiene.

      1. OP#2*

        That’s what I keep saying, too. The use case for mobile would be recruiters in the field, and I would argue that they’re the ones connected to the sketchiest open wifis. It makes me uncomfortable.

    3. PieInTheBlueSky*

      OP#2, it’s not clear what actions you took when you discovered this situation, so what I say here you hopefully have already done.

      1. You need to lock out his account immediately, if you haven’t done so already. He says it’s not him, so there’s no legitimate reason to allow anyone to use this account. (Even if it was him, there was no legitimate reason for him to access the system since he’s no longer an employee.)

      2. Save or preserve any logs or other records that show these logins by his account . You may need them later for forensic analysis or just as proof that he was accessing the system illegitimately.

      3. Figure out what else this guy had access to. Change all of those passwords or lock those accounts.

      4. Some have asked above if there was an automated script or other person logging in with his user account for some legitimate reason. Given your manager’s conversation with him. This seems very unlikely. Lock his account. These sorts of things probably shouldn’t be running under his name, anyway. If it breaks something important, someone will complain and you’ll discover what the purpose was. If you wanted to be sure, you could follow up with this guy’s replacement to see if they know anything.

      5. I don’t know what kind of database you manage, but it does sound like you need to be in the loop when someone leaves employment at your campus. In one school that I worked at, there was a mailing list that was used to inform people when someone’s employment had terminated. You or your manager need to talk to HR.

      6. However, in this case you already knew he left. So you and your department need to improve and document your procedures on what to do when you are informed that someone has left.

      1. PieInTheBlueSky*

        7. If your organization has someone responsible for security, like a CISO, you need to report this situation to that person. Any non-employee (unless they are an authorized contractor or the like) has no business accessing a system with confidential student data. As others have said here, FERPA and GDPR and other laws may come into play.

      2. Nicki Name*

        All of this!

        #2, you say you don’t have proof that anything nefarious has happened, but the fact that someone is logging into an account with full administrative access that has no reason to be in use at the moment IS nefarious just by itself. It’s like finding that a door to your offices isn’t being locked after hours. You don’t need to prove that anything has been stolen to start making sure it gets locked!

    4. EPLawyer*

      This is … bizarre.

      He knows he shouldn’t have been logging in and was lying to cover it up. There is no legitimate reason to be logging back into a system after you leave a job. I would not be so sure he didn’t do something while in the system. Anyone who repeatedly logs in is up to no good.

      I’m glad you don’t trust him anymore. You also need to use up ALL your capital on getting a secure system. Go over your boss’s head, agitate, call in any markers you have. Because maybe just maybe this time nothing serious happened. Next time, well who knows. How do you think people’s information get on the dark web in the first place? From security breaches. You do not want your employer all over the news for a massive breach of student data.

    5. Ralph Wiggum*

      Yikes. Even accepting his story of his credentials showing up on the dark web:

      1. How did an IT admin, who should know what he’s doing, end up with his credentials leaked?!

      2. So he knew there was an active intrusion into his former employers network using his credentials… and just did nothing?!

      1. Patricia*

        What use would the dark web have for his credentials anyway?

        In his original post, OP didn’t really give the impression that the company he worked for was particularly high security and the manager’s reaction reflects that.

    6. tiasp*

      If you take him at his word that someone on the dark web was using his login, don’t you have to inform all the students whose information could have been accessed that you have had a security breach and what information that person had access to?

    7. Sara without an H*

      Hi, OP#2 — I’m glad you told your manager. If one of my staff knew about a breech of this magnitude, and didn’t tell me, I’d be incandescent with anger.

      It sounds as though you’re doing everything you can, given your institution’s silo problem and laissez-faire attitude toward security. Be sure to document what you’ve done, so that you can demonstrate due diligence if the issue comes up at a higher level.

      1. OP#2*

        Thank you for saying this. I really do care about this information and its security, but I have very little power to enact real change when those above me don’t take the issues seriously. I think I’ll start sending myself e-mails documenting what I’ve done and who I’ve told so I have a personal “paper” trail.

        1. Michaela Westen*

          Don’t just do it now. Document everything up to now if you haven’t already. I hope you saved screen shots or some record of the logins you saw with the location details you mentioned. If not and if possible, go back and document them now.
          Make sure these and all your documentation are in places where you can access them both at work and outside of work, in case anyone tries to say this was your fault.
          Document everything you think you might possibly need. With documentation the rule to live by is
          “better to have and not need, then need and not have!”

    8. Kenneth*

      Depending on how the logs and auditing is set up on the database system, you should be able to see WHAT he was doing. I know a lot of database systems aren’t set up for that out of the box, because logging out every SELECT query and stored procedure call would lead to a *very* bloated audit log. So by default only transactions that change data are logged out (since they can be used to rebuild a database later, speaking from experience on that). But when you’re talking about a security breach, that’s often the only way to determine the magnitude of the breach and what data has been compromised rather than just presuming everything has.

    9. A Non E. Mouse*

      I already deactivated over 100 user accounts that haven’t been signed in to in 6 months, and we’ve reached out to some other systems owners in similar situations to learn about their processes.

      Ah, good point – I actually do get notification from HR when someone leaves and take immediate steps, BUT I also do a quarterly review of all our systems and manually deactivate any accounts that haven’t seen activity in a month or so.

      I don’t catch much during these, but I have found some “well, he went to part time but then got sick….” accounts that weren’t necessarily termed out of the system yet, so there hadn’t been a trigger to alert me about the account.

      So there’s a +1 for setting your own review schedule – I’m safe at every 3 months with a 1 month activity level, but you would need to determine your own interval.

    10. Need a better name, CPA*

      When Sarbanes-Oxley first went into effect, I was contracted to deal with system access security issues at a Fortune 100 company that failed their first compliance review.
      In addition to putting IS on the distribution list for termination notices, we set up a positive-confirmation process.
      Once a quarter, a list would go out to all managers of the users in their departments, what systems and what security roles within those systems. The managers had to confirm, in detail, that each employee still needed access to which systems and in what role. Because people don’t just leave, they also change responsibilities. Lack of timely response had an escalation process, too, potentially all the way to the CEO. (She insisted on frequent updates the first time, but I don’t think it had to go past SVP the next time. One stubborn, non-compliant manager…)
      Do you have system-by-system or database-specific access request forms, BTW? We found that many users had privileges they didn’t actually need because someone told IS to “set him up like Sally.” And Sally still had privileges from two transfers ago that had never been removed.

  20. Jen Erik*

    Anyone else remembering the John Finnemore sketch about the last biscuit?

    Runs something like a group of philosophers in a staff room, who work out that as no-one ever eats the last biscuit, the penultimate biscuit is in actual fact the last biscuit. So they can’t eat that one. And so on, until they logically can’t eat biscuits any more.

  21. An Elephant Never Baguettes*

    There is a German word for the last slice of cake/the last half of the cookie/etc, and it’s one of my favourites: Anstandsstück (~decency piece). Which usually leads to someone saying ‘Hey, if no one wants it, I’m going to eat the Anstandsstück, ok?’. That way you’re addressing that you know that eating the last piece would technically be impolite but also, it needs to go!

    1. Miso*

      Hmm, never heard anyone actually use that word.

      I definitely take the last cookie/piece of cake/whatever. I ask if anyone wants it, and if not great, if yes, I share or – depending on how much the other person and me already had – I let them have it.
      I don’t feel impolite at all!

      1. Myrin*

        Yeah, I’ve literally never heard that word before, and a quick Google search only brings up English-speaking results (other than one article from 2009 wherein it is a piece of food you take despite not wanting any so as to not disappoint your host, so basically the opposite of what we’re talking about here); obviously doesn’t mean it doesn’t exist but from a cursory glance it seems like the “cyclist principle” or whatever it is which gets propagated on English-speaking websites but isn’t actually a thing. (My apologies if you are German, too, An Elephant – I obviously wouldn’t want to discount your lived experience. But from the fact that I’m almost 30, a germanist, and intimately familiar with the vernacular of two big German regions, and I have never encountered this word, I feel confident in saying that it at least isn’t common nationally.)
        /here I am going on tangents again but I hope this doesn’t become derailing

        1. An Elephant Never Baguettes*

          I actually am German and I think around your age too, so not a generational thing and my family/friends/coworkers use it frequently, eg it’s part of my active vocabulary, so maybe regional/familial differences? (I didn’t think it would be quite so rare – there’s some things I know are unique to basically… my family and the inhabitants of the two towns on either side of ours, but Anstandsstück is a really normal word for me and I’ve encountered it everywhere I’ve lived)

          1. TexasRose*

            This sounds similar to the English-language word “ort”, that small amount of food saved after a meal. (Think the two teaspoons of potato salad left after Sunday dinner, carefully saved in a plastic bowl.) It’s a neat word, which I learned reading Dickens – but the only groups I’ve heard use it in speech are English lit majors, my extended family, and my coworkers and their families.

            1. Seeking Second Childhood*

              I would love it if the Oort Cloud were spelled the same way. (All apologies to Jan Oort.)

            2. Red Reader the Adulting Fairy*

              In my experience, the term for that is “someone hand this to Dad so we don’t have to put it in the fridge.” :)

              1. Still trying to adult*

                What wonderfully curious expressions!!

                My mother’s family had a phrase for those last little bites of something – ‘a Josie Button dish’; too much to throw out (esp. since that generation lived thru the Depression), but save it for later. And since my mom’s dad was such a spoiled old man she steadfastly refused to make Josie Button dishes for him when he & grandma lived with us!

      2. ManuscriptHelena*

        In the German-speaking part of Switzerland, we talk of an “Anstandsrest” (decency rest).

    2. Amelia*

      That’s funny, I came in here to say because I used to be a language teacher, I learned a few of these expressions! In Spanish it’s “la de la vergüenza” (“the one of shame”), and in Japanese it’s “Enryo no katamari” (“mass of restraint”). I find it hilarious this is such a universal concept.

      1. Amelia*

        I know these are idiomatic so the Japanese especially is not a great translation, but I thought “mass of restraint” sounded pretty funny.

      2. Overeducated*

        I was also told it’s called the “piece of shame” in Georgian, but I don’t speak the language and can’t confirm….

    3. German Girl*

      I’m German too and “Anstandsstück” is used in my family and my friend circle, mostly when trying to persuade someone to have the last piece of cake.

      It might be a regional thing though.

    4. Falling Diphthong*

      According to Miss Manners 1.0, the origin story of her name was the admonishment to “leave some for Miss Manners” in which no one ever took the last of something, or finished their serving at a meal, thereby conveying that the food provided was plentiful and no one was going without. She further wrote that it invoked a Victorian spinster companion creeping from the shadows to scarf down the untended tea cakes.

    5. Koala dreams*

      Haha, I’ve heard the Anstandsrest insteadof Anstandsstück. It’s the same thing. I agree that you can just ask if anybody else wants it and if no one wants it, just eat it yourself. In the grand scheme it’s a small thing to break this particular etiquette rule.

  22. Peter*

    Does anyone else worry about taking the penultimate cookie precisely because of the taboo against taking the last cookie? I know no one will want to take that last cookie, so realistically I am taking the last available cookie if I take the penultimate one…

    1. Akcipitrokulo*

      And never take the pre-penultimate one because it’s now effectively the last one…

      We generally have rule if you take the last one from packet, you put it in the bin.

    2. boo bot*

      …And the first cookie is only the beginning of a chain reaction leading to the penultimate cookie, which is in fact the last cookie, which leads inevitably to the conclusion that all cookies are the “last cookie”! Therefore a cookie’s temporary status as the only cookie on the plate does not make it any more or less the “last cookie” than all the cookies that happened to be eaten before it.

      All cookies are equally the “last cookie” and so either no cookies may be eaten, or all cookies may be eaten.
      There would be no reason for cookies to exist other than to be eaten, therefore, all cookies may be eaten.

    3. knead me seymour*

      I have a cookie power theory–taking either the first or last cookie is a power move and only undertaken by the bold (not me). As you progress inward from these extremes, the opportunity for cookies is opened up to those lower in the cookie hierarchy. The central cookie is the cookie of the people.

  23. nonegiven*

    Call out, “Hey I’m fixin’ to eat the last _____. Anybody want half?”

  24. Akcipitrokulo*

    OP2 … oh shit oh shit oh shit…. tell someone now!

    From letter you’re in US, but if you have *any* students from EU then you come under GDPR and this is a reportable breach. Which can become a very huge deal if there are delays in fixing it. (Also don’t know US law but may be something which gives similar legal liability anyway.)

    This guy needs locked out immediately and systems put in place to do this straight off next time – IT have dropped the ball on this and, without and blame, it needs not to happen again.

      1. Akcipitrokulo*

        And it isn’t the fluffiest of legislation when it comes to consequences :)

    1. Agent Diane*

      Was scrolling down to check someone mentioned what a breach of GDPR this would be: you *cannot* have people whose authority to access the data has been removed still accessing the data. It doesn’t matter why access has been removed, it’s a breach.

      I recently left a job and double-checked a login had been changed by my team once I was gone. I’m delighted they had!

      1. Akcipitrokulo*

        I’m just imagining our DPO’s reaction if someone had access to our systems the *day* after leaving… it wouldn’t be pretty.

    2. Emi.*

      If it’s student records they come under FERPA in the US, which is some Real Shit.

  25. Kc89*

    Also, to those who cut up baked goods and leave their sad half behind, I took a poll of the entire world and everyone agreed that if for some reason you can’t eat the whole treat, the proper thing to do is find someone to split it with you instead of leaving behind your sad half

  26. Pomona Sprout*

    #5: To paraphrase Dan Savage, TTMFA (Tell The Mother F***** Already)! ;-)

  27. Not My Real Name*

    Dont fret anymore friends, my 9 year old son has informed me he will eat the last sad cookie at all of our work.

    Not all heroes wear capes.

      1. Auntie Social*

        Tell him thanks. Apparently every office needs a nine year old (as compared to grownups who act like grade schoolers—got plenty of those!!)

    1. Marthooh*

      Does he need a spunky sidekick who’s willing to take the last cupcake? Asking for a friend…

  28. jk*

    #3 someone with your qualifications can get a better, less misogynistic recruiter.

    Personally I don’t work with external recruiters anymore. Too many of them waste my time. I will only work with recruiters employed by a company itself now. I want full control of how I’m being presented to an employer and that extra barrier of the external recruiter can often be damaging as you don’t know how they are presenting you or where you are on their list of priorities. I had a few misunderstandings a few years ago and narrowed it down to lies or laziness by a couple of external recruiters I was working with. Some recruiters also apply high-pressure tactics unecessarily or the company is run by a bunch of kids fresh out of college.

    You’d be better off applying to jobs directly yourself and being your own advocate.

    1. KILROY*

      I don’t think this is a case of misogyny at all; the recruiter is just trying to be realistic. Why give prospective employees an excuse not to hire you? Unfortunately, we haven’t eliminated prejudice against child-bearing women yet, much as some would like to think so. A little bit like claiming that we live in a post-racial society.

  29. Wintermute*

    #2– you’re a DBA, you know the right thing to do. And I suspect you know that. I also know you know about FERPA, and that you don’t just have a former employee problem, and a huge security policy problem, you potentially have a massive legal problem, only the legal department can tell you if it’s a “send out letters to everyone in the school and recent alumni telling them about a data breech” level of problem.

    I think you were hoping for permission to do the wrong thing, sorry about that, I know you were hoping not to cause a problem, but you’re really not. They caused the problem when they illegally accessed your databases. I know you have those little popups on active directory logins that everyone else has saying “unauthorized access or use of this system is illegal and may result in termination or legal action”.

    They chose to click past a warning reminding them they were about to break the law, they chose to ignore it, they chose to access protected systems and potentially violate FERPA protections for the whole University. At that point they forced your hand. They haven’t left you any choices here.

    Don’t blow up your entire career for this person, you’re in potential “mandatory reporting” territory here, pass it up the chain and let the chips fall where they may.

    1. PieInTheBlueSky*

      OP#2 seems to be focused on addressing certain technical aspects here (IP addresses), but there appears to be a massive organizational policy/business process failure. To address this with higher-ups, one shouldn’t need to say anything more than “FERPA” or “GDPR”.

      1. OP#2*

        I don’t disagree with you. The structure is a mess, but I have very little power to make significant changes. That’s why I’m focusing on what’s within my own purview (IP addresses) because relying on other people for information generally ends up creating more problems for me.

        1. Agent Diane*

          You can action informing – in writing – your relevant official that there has been a breach. In my old department, failure to do so within 72 hours got you one heck of a conversation.

          You need to see that the systemic failure of the organisation’s data security does not make you not liable. Why should you take the fines etc for your organisation’s lax security processes? You need to take their perpetual shoulder-shrugging as a red flag and take steps to protect yourself.

        2. Akcipitrokulo*

          Do you have a Data Protection Officer (or similar?) Report to them. If you don’t, report to your legal team. This is all kinds of regulatory trouble in the making.

  30. Anonymous Poster*


    Former professional in the aerospace industry here.

    8 months with solely a RIF looking for a new job is not considered all that unusual in our field. That, combined with having a child, is wildly understandable. Most good employers will not think anything of you not having been working at that point in time.

    That said, fair warning, there are employers that will care. They’re also the ones you probably want to dodge, because how dare you have things like “family commitments” and “children” that trump your overarching dedication to the project, the work, and humanity by doing such petty things like taking care of your family and spending time with them.

    I wish I were joking, but I’ve encountered it as a man in my industry. I was given the side eye when I took some time off to go to my grandmother’s funeral, or to spend time with my wife after a miscarriage. I’d imagine with those kinds of managers/employers it may be worse for you. But I think you can screen best for that by being upfront that you took time off also to care for your child, when they ask about why you haven’t been working for a few months. The ones that won’t give you the work/life balance you need won’t advance you in the process anyway.

    Another option is that some aerospace employers are moving toward more and more remote work, depending on the type of work you’re doing (i.e. commercial/private aerospace vs. military). Some commercial folks might have a remote possibility open to you that normally you couldn’t take because of where you live. Sometimes they’ll need you in the office for half a week every month or something too, but it gives you a few more options, I’m hoping.

    Best of luck. I hope you find a great fit soon. I hope you’re enjoying (as best as anyone can, I’m sure) being a parent.

  31. Mim*

    If you take the last treat then you have to clean up, right? I assume that’s why a lot of people don’t want to take the last bit. They don’t want to be responsible for washing a dish or cleaning up crumbs. If you just want a bite of something but leave more for someone else, you can make believe you don’t hold any responsibility for doing cleanup.

    Is that the cynical view?

    I also worry about whether everybody has had a chance to take some. I don’t want to take too large of a piece of something and leave someone else without a treat.

    1. Seeking Second Childhood*

      That’s my rule for my family! It keeps my kid from objecting TOO hard when she can’t find the last of her $SpecialTreat that she didn’t think to go back for until five days later. (If I *hadn’t* eaten it, it would have grown legs and walked off on its own!)

    2. musical chairs*

      I’ve always thought it was about cleaning up. Otherwise why wouldn’t this hesitation to leave some for others apply—with less intensity—to the second to last cookie?

  32. Lee*

    #3, I have an alternate theory – no one wants to clean the crumbs, wash the plate, throw away the plastic wrap…I’ve never seen anyone in my office show any hesitation, let alone shame, for eating whatever lands on that break room table, but cleaning up afterwards? Not likely.

  33. Klingons and Cylons and Cybermen, Oh My!*


    If the rumor did start with Betty, then correcting or fact-checking it constitutes “speaking ill of the dead,” which etiquette commands us to avoid at all times and at all costs.

    Sorry, but you seem to be stuck with an undeserved reputation.

    1. Seeking Second Childhood*

      Eh I’m sure you can find someone who quit or retired before that new hire came on board — everyone knows that the last person to leave is the one you stick all the poor decisions on so that the remaining staff can start with a clean slate. ;)

    2. Grace*

      But OP doesn’t *know* that it started with Betty, they’re only pretty sure. (I mean, they do know, more or less, but no-one has explicitly told them that she started it.)

      Fact-checking/correcting what *Veronica* is saying doesn’t require saying “Your now-deceased coworker was lying to you.” You can tell Veronica that you don’t know how this rumour started but it’s not true, and you think that telling it to new hires is not only spreading untrue rumours but also giving them a terrible impression of what the workplace is like, both in terms of gossip-mongering and altercations, so cut it out.

      I feel like “undeserved reputation” is underplaying this a little – OP’s new hires are all being told that their manager is violent and has got into physical fights with employees. That’s not exactly going to make the new recruits want to trust their manager or the judgement of the company as a whole.

      1. Elizabeth West*

        This–the problem now isn’t that Betty [may have] started the rumor. The problem is that Veronica is perpetuating it.

        Also, WTF VERONICA

      2. OP1*

        I definitely worry about what this is doing to the new hires; Fergus, for example, previously worked in an environment where a story like this could have been true. I think the whole thing caused him a significant amount of anxiety until he got to know me well enough to guess it was a fabrication. Another one of the new hires was a former police officer; goodness only knows what she thought!

    3. Myrin*

      Maybe my general dislike for this “no speaking ill of the dead” stuff is coming through here but I couldn’t disagree more. If someone deserves to be spoken ill of, I don’t know why one should refrain from doing so just because they’re dead. Obviously, one shouldn’t necessarily run up to their grieving family members and throw all the ways their deceased loved one was horrible in their faces – but that’s not what’s happening here; this is something that concerns OP personally and intimately and also has an impact on her work environment, which needs to be addressed promptly and pragmatically, not danced around because of some ill-conceived notion around etiquette. Nevermind that, like Alison says, Betty doesn’t need to be brought into this at all, anyway. And, most importantly: simply correcting something someone’s said isn’t automatically “speaking ill” of them, it’s just… well, correcting them.

      1. Kathleen_A*

        I agree. The OP ought to try to correct the record, and assuming Veronica isn’t a nut (that the main problem was Betty), I think there’s a decent chance that this might actually happen. There’s neither a reason nor a need to attack Betty’s memory or anything.

    4. Ask a Manager* Post author

      No, absolutely not. The OP doesn’t need to speak ill of Betty to correct this, as I said in the post. But even if they did, that’s allowable in a context like this one. The answer is certainly not “too bad, you have to let this false thing be said about you.”

    5. SarahTheEntwife*

      Even if it does turn out that Veronica first heard the story from Betty, there’s a lot of room for an explanation along the lines of “Weird, I wonder where she heard that? It’s definitely not true!” that preserves Betty’s reputation as being sincerely misinformed rather than spreading malicious rumors (and it may well even be what actually happened!). If we have to preserve people’s memory to the extent of them never having been wrong about anything, that’s an awfully high bar.

    6. Environmental Compliance*

      Perhaps I’m a curmudgeon, but if someone was spreading around a rumor like that, I’m not sure I’d care that much that a person who is now dead started it. I’d still go around correcting it.

      1. Maria Lopez*

        I agree. If Betty indeed started it, she was not fundamentally a good person, and if she knew she was terminally ill at the time, she wasn’t thinking long term.

    7. Observer*

      This is so ridiculous that I’m going to assume that you’re just trolling.

  34. Random thought*

    #2 depending on what he has accessed during his time away, since you have student info, this could be serious enough to require notification under your state law of a data breach (depending on where you are located). if you dont get traction in your department, is there anyone in legal you could report this to? I’m a technology attorney in a financial institution and I would definitely want that call if it were me!

  35. Not So NewReader*

    OP 1. I knew I could not count on my bosses to back me up regarding bad rumors. Uh, at least one of them was helping to perpetuate these rumors.

    So what I did is talk to the person who mentioned the rumor to me. “You know how you mentioned about X rumor? Well, I have decided that I am tired of listening to people repeat that and I would like your help. If you hear it will you please jump in and say that is not true, here is why[reasons]. And then encourage people who still have concerns to come talk with me.”

    Here’s the key part: Then I went to my boss and worked this into conversation: “Yeah, I am tired of listening to rumor X and I have started telling people when they hear others mentioning it, that they need to tell the speaker that the speaker should come talk things over with me.”

    My boss suddenly got very uncomfortable in her chair and started shifting around. It was interesting to watch.

    But I found this to be effective regarding that particular rumor. I had to do that with each rumor as I decided I got tired of it. See, the core problem is the rumor culture. Our place used rumors as fuel/energy to get through the work day. People thrived on others’ misery.

    You might want to keep an eye to see if this one rumor is part of a larger pattern. Hopefully, it’s not.

    1. Jam Today*

      I’ve thought about this a lot, and I like the way you put it: ” Our place used rumors as fuel/energy to get through the work day. People thrived on others’ misery.”

      I used to work for a company where this was the case (I posted below about it, but didn’t really get into exactly how vicious it really was), there was a segment of the company that was just an absolute nest of vipers. I came to realize gossip was social currency — having gossip made a person powerful, especially if it was salacious, so they would use that to get people into their social circle by allowing them into this secret knowledge that gave them control over others, and as an unspoken threat when people didn’t give them what they wanted. Nobody wants to be the target of gossip, so if there are people who control the gossip flow, you better not do anything that’s going to make you a target. What I also learned (the hard way) was, if you don’t give them any access to you, they’ll just make shit up.

  36. Samwise*

    OP #2 — tell your boss yesterday. This is horrifying, and frankly your former coworker needs to thrown under the bus and I hope the bus backs up over them over and over. This person worked in IT at a higher ed institution = absolutely no way no how that they could not know the LAW regarding the confidentiality and privacy of student records. This activity speaks to this coworker’s astonishing lack of integrity.

    Your institution needs to get its act together RIGHT NOW and figure out how to deactivate former employees as soon as they’re “former”. Slacking off on this for I don’t know how many years: the institution you work at deserves some serious consequences.

    IANAL, but I’d bet that because you now know about this breach, *you* may be in trouble if you don’t do anything about it fast.

    1. Auntie Social*

      I can’t believe it’s not part of an exit procedure–turn in your keys, photo ID, deactivate your system access, etc.

      1. OP#2*

        It’s kind of difficult to explain. An employee can use a database username and password or single sign on to access the system. Individual users can request access to the system, but it’s still a very niche use case on campus. Many people forget they’ve ever used it or have a log in, and their managers probably remember even less. Since we’re so siloed and don’t have access to employee records through HR or central IT, it hasn’t been incorporated into the exit procedure.

        This is not to say that it shouldn’t be. I’m just trying to explain where the breakdown has occurred.

        1. Autumnheart*

          The Target breach was caused by a third-party vendor clicking on a shady email. He only had the free version of Malwarebytes instead of the commercial version. The hackers were able to capture his credentials and infiltrate the POS system that way.

          Just sayin’.

          1. Observer*

            Well, it was also the fact that Target had turned off the automatic defenses of their anti-malware and monitoring product (FireEye, if recall correctly), had set the alerts to go to basic support in India and then ignored the emails from India Support about the alerts coming in about the system.

            This was a MAJOR mess – and it sounds a LOT like the set up in OP’s place.

            OP, if you can’t get any traction start covering yourself. EMAIL your boss about what you discussed and BCC yourself AND an outside address. Email anyone and everyone in the org who might have anything to to with preventing future issues like this, remediation of a current incident and legal / compliance issues.

            You don’t want to be the one thrown under the buss when it hits the fan.

            1. Wintermute*

              THIS. Like HIPPA, FERPA includes not only organizational but the potential for personal liability. this is not just a you could be fired warning, or a you could be punched in the nose warning, but a you could go to jail warning. Yes that is rare, I don’t mean to be overly alarmist but great googly moogly some level of alarm is warranted.

        2. Wintermute*

          As a technical matter this is why SSO is so powerful, disable their active directory and it cascades down disabling anything that’s tied to it.

          1. Observer*

            And the fact that he switched his access from SSO to a separate log in tells me that he planned this.

  37. Kat Em*

    LW #3, in my workplace the person who takes the last treat is expected to wash the plate on which they are sitting, which results in a lot of this behavior. But there’s also a CONSTANT stream of baked goods because folks do lots of recipe testing for work purposes, so it’s not like treats are especially exciting. Nobody is ever worried about being selfish when it comes to eating them, because they’ll end up in the compost otherwise.

  38. Utoh!*

    OP 2 – In my office not only will they cut the last item (whatever it is) into halves/thirds/fourths, but whomever takes the last crumb leaves the container it came in! Throw it out if you take the last morsel, I don’t care if it’s microscopic!

  39. Phony Genius*

    For #3, back in the old days when parents taught their children proper etiquette (yes, this used to be done), we were taught that you could not take the last piece of cake, cookie, etc., without first asking everybody else if they wanted it. Translating that to an office, it is too much hassle to go around asking everybody. The easy way out of this obligation is to just leave it there.

    I’m thinking about an experiment with this. Quietly set out a tray with one cookie on it, and say nothing. See how long it takes for it to be eaten. Repeat over and over until the box is empty. Does the amount of time shrink each time you do it?

    1. LCL*

      Ooh, I want to help with this experiment. Can we use different types of cookies, though? Oreo vs sandies vs shortbreads, etc? I think further research is justified.

      1. HailRobonia*

        There is a strange phenomenon (perhaps caused by quantum physics or maybe sunspots) that results in the last remaining cookie always being oatmeal raisin. Even if no oatmeal raisin cookies were in the initial bunch of cookies, a superposition of end-state probabilities will collapse and cause the last cookie to be oatmeal raisin.

    2. Grapey*

      Man, parents pass down some of the most nonsensical “manners”. I think it would be far worse manners to be the person that agrees to eat the last cookie when someone is standing over it, clearly wanting it, but offering it to you out of “politeness”. I also think it’s poor manners to leave the host with one random cookie to clean up/eat instead of giving them a plate they can move right to the sink.

      That one is up there on the dumb list, a few spots below forcing you to kiss every old grumpy relative goodbye when they otherwise never even talk to you or ask how you’re doing.

  40. Nanani*

    My first thought is that it might be your former colleague logging in at all – their account may have been compromised by a third party. If your organization has reason to worry about security breaches, then an open account for someone who no longer works there is low-hanging fruit for anyone who wants in for illegitimate purposes.

    DEFINITELY report it up. If it turns out to be a third party, automated process, or something else, then not only is your former colleague not at fault, there’s also likely nothing they could do about it.

  41. blink14*

    OP#2 – is it possible he’s logging into the system through an employee portal for personal information? For example, at my university, we have an internal portal that contains access to employee information like electronic pay stubs, tax forms, and links out to our benefit plan and retirement plan.

    1. OP#2*

      No, this is a system solely used for student information and marketing communications. There’s no employee information tied to it at all.

      1. Ginger*

        What type of role is in he in now? I’d be worried he is accessing the data for improper use, not just being nosey.

        Ultimately, it doesn’t really matter why he’s in there, he needs to be cut off ASAP.

      2. Sarah N*

        Eeeek. The fact that this is student info really takes this to another level of badness given FERPA regulations. Even if you have generally kind feelings toward your former coworker, this is definitely a “go to your boss” first situation given that it could involve illegal activity. Your primary concern has to be protecting student information, not protecting a former colleague.

          1. Observer*

            I’m going to reiterate the need to document your conversations, and perhaps going above his head. Your boss is NOT handing this well. And you really want to make sure that YOU don’t take the fall when something bad happens.

      3. Observer*

        That’s just HORRIFYING.

        This is absolutely a Federal issue, and as others have noted, if you have any Eurozone students, GDPR as well. And that stuff can bite you HARD.

  42. DB Dev*

    One thing to keep in mind for the database issue, is that this might not be a case of the former co-worker logging in. There may be programs / systems that are set up with a database sign-on, rather than generic credentials, and so they may still be using his.

    That’s always a potential nightmare (because of the very issues of it looking like the former employee is accessing the system). Of course, you can also get some surety that things like this aren’t happening by firewalling access to the databases to the fullest extent possible.

    1. Observer*

      Given that he changed his credentials just before he left, that’s highly unlikely. It also means that he PLANNED on doing this. Not a good thing.

      OP I’m glad you realized that this reflects poorly on him. The fact that your organization handles things poorly, and even that he had a legitimate issue does NOT in any way justify this.

    2. Wintermute*

      Too many developers do this, they have automation jobs and wwhatanot set to use personal credentials. That’s why I’m glad currentJob has a strong system of service accounts and enforces them, all database access goes through the DBA or a service account, no exceptions, and the DBA doesn’t have full data access only schema and other high-level structural control.

  43. it_guy*

    #1 – Speaking as a systems DBA, another possible reason that it could happen is there is a process on another server that is automatically logging in with his credentials, because they are hard coded to the process. Some schedulers may require a connect string that have his login hard-coded. If you can see what the computer name where they connection originates, that may help clear this up.

  44. wafflesfriendswork*

    At my office it’s a common practice for people to get bags of chips at lunch that everyone can share, and then at the end of lunch they’re in the break area for snacks or for the next lunch–we had to institute a rule that if there is an approximate single serving of chips left in the bag, the person who wants to have any chips MUST finish the bag. We had a problem with opening up the bag to find only one or two sad chips at the bottom from people not wanting to be the one to finish the bag.

    1. ClumsyCharisma*

      How frustrating. I’d rather have no chips than to get excited about a chip snack and be disappointed (chips are my weakness).

  45. Honor the Purple One*

    #3 is super-common in Minnesota, to the point where any box of cookies or doughnuts will have a sad quarter-piece left at the end of the day.

    When (Minnesota native) Prince died, local media was filled with his music and remembrances. We started saying at our office that the last piece of any office treat was an offering to Prince. You can’t ever take the last piece, but you may cut it in half to share with Prince.

    1. Sapphire*

      I love saying the “last piece is for Prince” thing, and have even had people ask me if that’s true.

    2. LizB*

      The Facebook page “Cursed Last Bites of Minnesota” is a great repository of this phenomenon.

    3. Barb*

      I’m from Minnesota, and this always drove me nuts. Now when I go back, I make a joke about being away from MN for too long, while directly asking who wants the last one. I’ve gotten a direct answer, but not sure how well it would work if I didn’t have the plausible deniability of having moved away. Trying to get people to be direct, even just to be sure you’re not violating their social norms, is really really tough. Goes right back to Ask/Guess culture.

  46. Jam Today*

    Man, some office gossip mills really take the cake. I have worked for two companies with crazy gossip mills (fortunately I have worked for more companies with no gossip), and learned some really amazing things about myself, including that I had an affair with my boss at one company (I ended up contacting an attorney for advice about that one, since that’s potentially a career-ender), and that at another I was a roller derby skater, that I managed a roller derby team, and I had hooked up with multiple guys at the company (two of the guys I was imaginary-sleeping-with were really attractive, so thanks to the Mean Girls for believing in me, I guess?)

    I have nooooo idea where any of those came from, other than I used to go to roller derby bouts, and I was friendly with two of the guys I was pretend-shagging, but I guess people need something to do so they decided to turn me into a fanfic villain. It was definitely weird discovering that people I barely gave a second thought to (for real — neither our work nor personal lives intersected in any way, I basically knew who they were and their job titles and that was it) had created an entire fictional persona for me and routinely discussed it amongst themselves.

    1. Grace*

      I can see someone who knows that you’re friendly with these guys making up rumours out of jealousy, or if they’re the kind of people who don’t act friendly to someone of the desired sex unless they want to hook up with them (also, laughed out loud at “thanks to the Mean Girls for believing in me, I guess?”) – but what on earth did they get out of this whole roller derby malarky? I can see where it came from, if they know you were interested or whatever, but *gossiping* about it?! How is that in any way gossip-worthy?

      Man, your ex-coworkers had some very sad and uninteresting lives if that was the best entertainment they could come up with.

      1. Jam Today*

        NONE of it was gossip-worthy. I went to some derby bouts and was seen talking to a guy in the hallway? The truly remarkable thing is that my actual personal life was and remains boring as shit. I go to work, I go home, I watch TV with my cats, I go to bed, I get up and do it all over again. The disconnect with who I am and the persona that the rumor mill created for me is *vast*. At least in someone’s reality I’m living a really exciting life with lots of handsome men hopping in and out of my bed.

        It was pathetic on their part, but it was also harmful; one of the more persistent rumors actually wrecked my friendship with one of the guys I was not-shagging.

      2. Bananatiel*

        So I have family involved with roller derby and love the sport but I have some speculation if Jam Today happens to live in a conservative area or work with conservative people: it’s a sport that is very open and welcoming to nonbinary individuals (in my experience) which can be scandalous in those circles for dumb/obvious reasons. But that’s about the only thing I can think of, just good ol’ pearl clutching.

        1. Jam Today*

          Quite the opposite, I live in a large-ish city in a state known for its social liberalism. I think they glommed onto that because they literally knew nothing else about me.

          The funny thing is: up until I realized I was the target of gossip, I was an open book with people (I am extremely careful about who I associate with now, and guarded about what I make available for public consumption). They could have learned anything they wanted to know about me if they’d ever invited me to any of the million parties they threw.

          1. Bananatiel*

            That’s so odd– but then again I’ve definitely worked in similar environments. Oldjob was so toxic about gossip that I just went to work every day for five years knowing people were saying things about me but just being glad I had absolutely zero idea what they were. I was the odd creative in the office so I’m sure that people probably thought I went to raves or something like that when I reality I too lead a very boring life for the most part.

          2. Grace*

            They probably enjoyed the act of gossiping, rather than actually knowing anything. Actually knowing things about you is no fun at all, because like you said in your other reply, most people’s lives just aren’t that interesting.

            I *kind* of get that – we make up all sorts of fun stories about our across-the-road neighbour who disappears for weeks at a time and then returns with a new car – but a) it’s mostly kooky “he’s a spy!” stuff, and b) it stays entirely 100% within our house and only gets brought up when we’re eating breakfast and see him pulling up at 7 am for the first time in twelve weeks or whatever, rather than being a regular or wide-spread topic of conversation. What they did – spreading rumours and breaking up your friendships – is very different than a bit of harmless speculation.

    2. Myrin*

      I find this stuff super weird and super fascinating at the same time. I’d love to get a glimpse into minds like that.

    3. Me*

      You have my sympathy. There’s a particular brand of nasty gossip that involves reducing women’s success to sleeping with men who work there. Generally spread by other women in my experiences. Been a target myself. Hasn’t affected my career but it certainly could have. As such I immediately shut that crap down with the patented dumb question method.
      Why would you say that? (there’s never a good answer to this one – a lot of stuttering ensues normally)
      Do you have some kind of proof? (of course not)
      Does it actively endanger the company this thing you have no proof of? (never gets this far, but I like to be ready)
      How is that my, your, our business?
      Why would you spread harmful gossip about people?

      1. Jam Today*

        I found out about the affair-with-the-boss rumor after I gave my notice at that company, because I overheard one of my coworkers talking on the phone about it while I was one cube over. Hey dumdum, I can hear you! About 1/2 hour after that I had occasion to talk to her about whatever and said “Can you imagine, having all your work, your knowledge, all the skills you’ve built up over the years reduced to body parts?” and that was the end of that.

        1. Wintermute*

          I’m a fan of “the only body part it’s okay to reduce a co-worker to is a brain” for shutting that down.

      2. Michaela Westen*

        Thanks, I’m going to keep this in mind for the next time I encounter bad gossip. Thankfully it’s not often, but when I do I’m usually so surprised and offended/scared/disgusted I just walk away and never speak to the person again.
        The worst I’ve ever seen was my neighbor in a poorly managed building. Three times I saw her make up stories from nothing, like the time she assumed a neighbor who was home on weekdays had committed a robbery. It was scary that she had no boundary between imagining something, and thinking it was true. :o

    4. The Hamster's Revenge*

      I’ve heard some of the strangest things about myself over the years, courtesy of the rumour mill. I just shrug and say, “My reputation exceeds me.”

  47. Coverage Associate*

    I haven’t read the book, but there is a book of workplace etiquette titled “Don’t take the last doughnut.”

    1. The_artist_formerly_known_as_Anon-2*

      Usually the last doughnut is one weird variety that no one else wanted to eat, anyway.

      If you’re hungry and willing to eat the peppermint fudge glazed doughnut, go for it. It’s just gonna go to waste.

  48. Amber Rose*

    My mom always said “a good Jewish girl never takes the last bite.”

    I’m neither good nor Jewish (except by blood), but I guess I was socialized not to take the last of anything and it’s a hard habit to shake. It’s become a joke between my husband and I when we share desserts at restaurants, with us competing on how small of a bite we can take while still leaving some.

    Just one of those weird quirks of “polite behavior” some of us were brought up with I guess.

    1. Holly*

      That is so strange… I don’t think there’s anything Jewish about that sentiment. It’s always been more about not being wasteful and enjoying everything you have.

      1. Amber Rose*

        I know right? No idea where it came from, but it was often repeated when I was a child. I hear it echo in my head every time I see a single cookie in a box. Though as an adult, I often just shrug and take it anyway since as I said, I’m not good or Jewish. xD

      2. knead me seymour*

        I can’t speak to the Jewishness of this sentiment, but I think there is a correlation between the virtues of not being wasteful and of not clearing your plate. I think it comes from giving the appearance that you’re not hungry at the end of the meal. I think this is pretty common to regions where most people aren’t very well off–the worst insult to a host is the idea that a guest is leaving hungry. So the single symbolic bite represents the fact that you’ve had exactly enough to eat.

        1. Southern Yankee*

          This is really interesting, and not a take I’ve heard or thought of before. I can absolutely see the logic of it from the viewpoint of my parents & grandparents that lived through the depression.

          1. Wintermute*

            It’s very common in Asia, and in many hospitality-oriented cultures (Bedouin, Persian, etc).

            For instance if you’re drinking in Japan and you drain your glass it will be continually refilled by your host (and you should do the same for them), if you want to STOP drinking the signal is leaving a good sip in the bottom of the cup, then they have cultural permission to stop topping you up.

    2. The_artist_formerly_known_as_Anon-2*

      My wife is like that. She won’t take the last brussel sprout or piece of broccoli. That forces ME to eat it.

  49. Goya de la Mancha*

    #3 – it always amazes me that the same people who have no problems taking multiple food items at once won’t “touch” the last cookie. Is this some sort of justification in their mind? Like, “I left one just in case anyone else wanted one, I’m such a good person”?

    1. Autumnheart*

      If only we could somehow combine the people who hog all the food at the company catered lunch, with the people who perpetually cut everything in half.

  50. Jennifer*

    #1 This is actually a tad disturbing because it seems to be a rumor that doesn’t have even a kernel of truth to it. Most rumors start out at least a little true but the truth gets embellished and twisted as it’s repeated over and over and over again. But at least you can figure out how it got started. If it was Betty, there’s no use worrying about it now. But I’d watch my back just in case it wasn’t. That’s quite a malicious rumor.

    1. Auntie Social*

      I wondered if Veronica wants the OP’s job (whether she’s qualified for it or not) or if the OP had had a project that Vomiting Veronica wanted to run or be in on–maybe she’s holding a grudge.

      1. OP1*

        This hadn’t really occurred to me, but maybe? She’s apparently also been saying she’s more qualified for my job than I am (she’s not; she has a BA from the University of Phoenix, and I have an MLIS from the University of Illinois; I also have 16 years in at this library, and she’s only worked in our field for about 8, and at our library in particular for less than 3). She’s always been in Children’s Services, though, and most of them avoid switching to Library Administration like the plague (pipe cleaners & glitter vs. statistical reports and budget meetings; who WOULDN’T?), so it’s maybe more generalized jealousy, rather than actually wanting the job? I’m not sure.

  51. LaDeeDa*

    The said half cookie reminded me of my great-great aunt. She was a very large woman, at every family dinner she would eat at least 2 full plates of food, but then when she was done there was always one teeny tiny bite left, and she would sigh, push her plate away and say “I couldn’t possibly” She was raised to believe that a woman never finished all the food on her plate. 15 yrs after her passing and someone says “I couldn’t possibly” at every single family dinner. <3

    1. MatKnifeNinja*

      Midwest raise kid here.

      You ALWAYS left something on your plate for Miss Manners. Taking the last scrap of something or scraping you plate clean meant you had no manners, where raised in a barn yard, and it was insulting to the host (?).

      Now, my office has the equivalent of human formed locust. The only reason the last sad donut is on the tray is because ALL are too lazy to clear the tray or pitch the box out. Manners doesn’t even factor into the mix.

      I’ll take the last donut and break it up for the squirrels outside, and wash the stupid tray.

  52. LaDeeDa*

    The rumor is so bizarre. I would love to know how that even came about! Since Veronica was Diana’s replacement, the rumor surely started with Betty. I hope Veronica sheds some light on it, and that OP will update!

  53. ENFP in Texas*

    OP#2 – save a copy of the user login history and deactivate the account immediately. Then notify your boss. Do NOT talk to the former co-worker. There is no reason to. Do not worry about “dragging his name through the mud” – he is doing something he is not supposed to do, and any repercussions for his actions are ON HIM, not YOU.

    1. A Non E. Mouse*

      IT worker here – definitely save the logs, but don’t go in guns blazing after the ex-employee.

      Despite my own bird-dogging of old accounts, years ago we had one that flagged when I pulled logs….and it turns out, by edict of an Exec the account had been left open (password changed at least, but it’s not like they set a complex one even then) *because it was “easier” for this man’s replacement to just use those credentials* then try to, I don’t know, figure out how to do his job the right way?

      So it’s possible, in that I’ve seen it with my own eyes just like a brand new cable can be bad out of the package, that’s is someone else using those credentials.

      It’s of course always possible that he is using them himself- but I would really wonder if it’s someone else just using his log in because they didn’t get the permissions they needed on their own.

      I would also try to find out if it’s even a person, or are those saved credentials a server or service is passing? Because I’ve seen that too (usually when I’ve decommissioned and account and a service fails, alas).

      1. Wintermute*

        My usual suspect for this is a Control-M job or other automation using a developer’s account not a service account. It’s too easy to hardcode your credentials (and totally a bad practice for so many reasons including the fact one .XML dump then exposes your password to anyone with access to the planner module).

      2. The_artist_formerly_known_as_Anon-2*


        I once learned that a deceased employee’s login was still in daily use. Suspended it, then five minutes later my phone rang… “HEY!!!”

  54. Batgirl*

    I have never in my life seen a work cookie, doughnut or muffin cut up into pieces. Possibly because no one in the north west of England is quite that dainty. Possibly because I, Batgirl, for many years dutifully dispatched the last-anything in one fell swoop. Since I’ve been gluten intolerant for two years I clearly have a successor as office-kraken.
    Seriously though, are we talking about cookies the size of plates? Or is this linked to the ‘don’t clear your plate’ rule which is also a foreign idea in these parts….

    1. Overeducated*

      I think it’s linked to the “oh, junk food, I couldn’t eat the whole thing because it’s just so bad for me…” culture too.

    2. Asenath*

      I’ve very rarely seen a work cookie or muffin cut up, and any left-over birthday cake is firmly presented to the honoree to take home at the end of the day.

      However, the idea that taking the last cookie/cracker/chocolate/other treat shows greed and a total lack of consideration for one’s starving co-workers is alive and well. I have been battling that by taking the last item, particularly if it’s late in the day, so everyone else has had a chance. And it might attract mice if left overnight. Or dry up and go bad, which would be a shame.

    3. The Man, Becky Lynch*

      Worse than a cut up treat…the person who takes just half a bagel. Thankfully only my mother does that in my life but I’ve heard it happens in some offices as well. At least mom is doing it with her own bagels and not the ones brought in at work because she’s aware that nobody wants the other half of your bagel unless it’s your family member.

      1. Batgirl*

        Ok that is nonsense! Not your mother; wear your own baked goods as a hat if you want to – but half an office bagel is getting into terrority were people will start leaving half an oreo or a custard cream. Essentially you’re not leaving people anything but a mess.

  55. Lepidoptera*

    Y’all are responsible for the bag of cookies I just bought from the vending machine.

  56. Observer*

    #2 – I haven’t read the messages, so I don’t know if I’m repeating. But I actually hope that I am because this is a REALLY big issue.

    Please report what happened IMMEDIATELY, and yes, use it to push for better processes. If the former colleague had permission to access the system, you should have been informed, but his reputation won’t take a hit. If he did NOT have permission? Well, then he deserves the hit his reputation takes. Any competent IT person at the level you describe should know that logging into systems that they aren’t supposed to have access to is a big No-No. Anyone who has worked in Higher Ed should also be aware of the legal privacy implications.

  57. Sylvia*

    I once read that eating the last cookie was a sign of entitlement, so I started eating the last cookie, hoping that it might be like a magic pill that would make me more assertive. Unfortunately it had no carry-over to my everyday life.

  58. Rebecca McHugh*

    #3 whenever I see this happen, in order to not waste food I waggle the plate with the last cookie/donut/dumpling whatever in front of whoever I think wants it most/didn’t have as many/ I like best and say “Go on…the last piece is the luckiest!” and it usually gets scoffed. Or you can wave it around the circle saying the last piece is lucky…the luckiest feeling person will step up!

  59. learnedthehardway*

    OP#4 – Another very good reason to not claim you were a consultant when you were on parental leave is that you could very well be asked about what consulting projects you are doing, and then asked for references from them. Not to mention that recruiters hear the “I’ve been consulting” and think (if there are no details to back that up), “Oh, unemployed and not willing to talk about it. Huh, I wonder why?”

    In other words, it’s extremely bad advice from the recruiter, as you have already thought.

    That said, the recruiter may not be off base to suggest that you not discuss your parental leave. They may be aware of attitudes in your industry that are not progressive or that would penalize you as a candidate.

    I would suggest telling employers that you left on good terms as the result of the mass downsizing, along with however many other people were let go at the same time. You’re taking your time with your job search to find the right role at the right level, where you can really contribute / whatever to the company you join. You’ve taken some personal time off, and are now raring to go to get back into work.

    You’re entitled to date the time you left the job from your layoff date, same as others. You were on leave from the company, but were still an employee.

  60. Phony Genius*

    I have head that in some cultures, clearing your plate means you want more, and your hosts will oblige. You have to leave something on your plate if you are really finished in these places. I think China is one such place.

  61. Workerbee*

    I eat the last cookie. I therefore wholeheartedly support anyone else who’s long been tempted and never reached out.

    In the offices I’ve been in, sure, there is often a Sad Remnant of something-or-other left behind for a good portion of the day, but I’ve also invariably noticed that later on, that Sad Remnant has disappeared, presumably to be ingested.

    So somebody always is eating the last whatever. Barring spiritual visitation, that somebody is most likely another colleague. Why shouldn’t it be you? Be bold! Go forth and unapologetically nourish your entire inner being.

  62. Wantonseedstitch*

    OP#2: I second Alison!!! I am also in higher ed, and I don’t know if the database in question is alumni and donors, or if it’s a student database, but either one of those contains info that is absolutely critical to keep confidential. What your former coworker is doing is a big breach of professional ethics. You definitely need to let your manager know what’s going on. If any information were found to have leaked out, your school could be held liable for it.

  63. Impolite*

    #3 I grew up in an environment, where there was no such rule, so I have no problem eating the last cookie :-)

  64. The Man, Becky Lynch*

    Around here if something is left to linger, I just eat it myself. That will solve all your worry in the end, just grab the scrap and either put it in your mouth or in the trash. Problem solved.

    This only happens rarely around here thankfully, it’s usually the “weird” flavored cookie in a mixed plate or something like that. Nobody actually wants it and thankfully nobody takes chunks off of things but I think that’s to do with being heavily male, I find that women are more likely to cut something in half due to our society and their ingrained abuse of self sacrificing for the rest.

  65. Xtina*

    Regarding the last cookie: I disagree that it’s rooted in politeness. In our office, it’s most clearly a side effect of laziness: if I don’t take the last item on the plate, I’m not responsible for cleaning it up. The women in our office are pretty cognizant of what it means to finish an item, and will generally wash the plate/serving utensils and wipe down the counter. The men, on the other hand, have been caught red-handed taking the last goodie from the plate and bolting to their office so as to not be responsible for cleaning up.
    I’m sure some will think this is gender bias, but is it really gender bias if it’s true?

    1. Grapey*

      Whoever sets out personal tupperware/sets up catering trays is the one to clean them up afterwards is how my office works.
      (I’m a woman and won’t clean things for other people at work, sorry not sorry.)

  66. Kitty*

    I have zero problem taking the last cookie. I will take all the cookies if I have time and plausible deniability.

  67. Last Cookie LW*

    I love the comments that my question have generated! I am glad to hear it is the norm to not eat the last cookie and not just a weird quirk of my weird company. After reflecting on the situation and seeing not one, but TWO half donuts left in the breakroom today, I believe that there are a number of influences at play in my company: 1. No one wants to be rude. 2. No one wants to do the dishes/throw out the container. 3. No one wants the last sad bit because it looks pre-handled, especially with multiple pieces hacked out of it. There are many times where I will just eat the last cookie to show it that it was loved, but usually the last one is some gross flavor that no one wanted anyway, so I often don’t want to waste the calories on that.

  68. Aoife*

    Are we really going to pretend that jobseekers don’t lie in these instances ALL THE TIME? As with certain cases of civil disobedience, sometimes the ends really do justify the means.

  69. The_artist_formerly_known_as_Anon-2*

    #1 – not so weird situation – when an employee leaves, and goes to a competitor or a better situation, sometimes those “left behind” will try to smear/discredit his or her efforts expended on behalf of the old firm. Sometimes out of anger with a twist of jealousy – “She left us. How DARE she do that!” or “She was no good anyway. Do you that she (made up a story)????” OP is correct at setting the record straight.

    #2 – Having worked in data security for MANY years – this situation is intolerable and never should have existed. Your former co-worker’s computer access should have been shut off the instant that he walked out the door on his last day. This is a nice opportunity for you to stress that adequate security / resource control should be put in place NOW.

    I sometimes see people talk “we have to get the passwords from an employee” – you should NEVER have to do that ; even at the system administrator level you have two IDs – for two different people, and when someone is ousted, the oust-ee’s access is revoked and a new ID is given to someone else. So when Betty leaves, there should be no need to get her to cough up a password. There are other ways to retain access to resources.

    Worst yet – this might not be your former employee logging in! Are you in an environment that fosters password-ID sharing? This is why you don’t share logins and passwords. Not even with your boss. Not even with your subordinates. It’s called “establishing accountability”. Your bud’s ID was used but was it HIM?

    Hell, I worked at one place, where user-id & password sharing was so common, we found out a dead employee’s ID was still in use! I suspended it, and the user came forward within minutes.

    But that ID should have been shut off five minutes before your friend was out the door.

    #5 – tell your former co-worker the truth. You had to adapt to a new situation, you did, and you’re quite happy. But DO keep in touch as you might need that contact someday! Do not burn that bridge.

  70. People like shiny things*

    Cookies aside, where maybe (?) taking the last one makes you greedy, I have a problem where no one will eat the last Ritz cracker in my office. They leave the last one in the sleeve and open a new sleeve. I simply don’t get it.

    1. The_artist_formerly_known_as_Anon-2*

      The last Ritz in the old sleeve is usually pretty crumbly anyway. The new sleeve has fresher and whole Ritz crackers.

  71. Bowserkitty*

    I have no shame in taking the last cookie!! But I would announce it to my (admittedly small) office if I did, and if anyone displayed interest we’d halve it. We were all really comfortable with each other though.

  72. Anon for reasons*

    Late to the comments on this one, but I have to say that when I was laid off from my previous workplace, I enjoyed seeing how long until my toxic and not-very-bright ex-boss would take to remember to nuke my access to Slack. Too over two months.

  73. Gadget Hackwrench*

    Ugh. OP 1 I just had a very similar experience, only in my case an altercation DID occur (verbal,) it’s just that a new hire was told I was the aggressor, jumping down a (long departed) male co-worker’s throat for sexist remarks, when in fact his “sexist remarks” were an admonishment for ‘disrespecting’ him by a breach of the ‘ladylike’ behavior he expected of me, delivered at a shout from a foot and a half in front of my chair, towering over me while I sat there stone-faced but shaking in my shoes afraid to fight back because it was my first day out of training. He actually wound up calling our boss due to my lack of contrition (caused by aforementioned stone-faced freeze of terror) and I honestly thought I was going to loose my job, but it didn’t happen, because an escaped burp is not a disciplinary issue, but shouting and turning colors and calling your boss up in a rage to report your new co-worker for being ‘unladylike’ is. We were alone on shift that day which made it double terrifying, but also apparently ripe for spreading incorrect information about.

    I still don’t know who’s telling this to the new hires, and they won’t tell me. I guess they’re afraid I’ll jump down the storyteller’s throat like I did in the mythical version of the story.

Comments are closed.