I am looking for an impartial view on a situation my fiancee is in. Hopefully I can help put her mind at ease as she is in pieces. Anna is being investigated for potential gross misconduct for sharing a username and password. She sent a website link to a colleague but unknowingly this link included her expired username and password for a third party credit reference agency (access is revoked after 28 days inactivity). Anna had never used the details due to a recent promotion and on original receipt of the access sent an email to her IT support to have her access transferred to a colleague. IT set her colleague up with her own username and password which have only been accessed by that colleague. No customer information was ever exposed as Anna's access was decommissioned. The investigating officer of her employer has confirmed the details were never used but she is worried that even though this is the case the access details (even though decommissioned) were passed on by mistake... Sharing of a username and or password is warrant for gross misconduct in the employee handbook... Your thought's would be appreciated.