Stealing data... extorting $2.5 million from the former employer!

A man in North Carolina was convicted of extortion for carrying out the crime while working as a data analytics contractor for a technology company in Washington, D.C.

Although a news release from the Department of Justice issued Thursday did not disclose the victim’s name, court documents show that the person he extorted was Brightly Software, the SaaS company formerly known as SchoolDude, which was acquired by Siemens in August 2022.

Brightly has been operating for more than 20 years, has more than 700 employees, and provides intelligent asset management and maintenance software for more than 12,000 customers worldwide, with customers mainly located in the United States, Canada, the United Kingdom, and Australia.

The indictment shows that 27-year-old Cameron Curry (also known as “Loot”) used his access to Brightly’s payroll information and corporate data to steal sensitive files.

After learning that his six-month contract would not be renewed, he carried out extortion using the sensitive files as leverage.

The day after his contract expired on December 10, Curry began sending more than 60 extortion emails to Brightly employees using a Microsoft email address and the alias Loot, from lootsoftware@outlook.com, threatening to leak the sensitive information stolen between August 2023 and December 2023 unless he received a ransom of $2.5 million.

In these extortion emails, Curry also attached screenshots of spreadsheet files containing employees’ personally identifiable information (PII), including names, dates of birth, home addresses, and compensation information. He also threatened to report the company to the U.S. Securities and Exchange Commission (SEC) for failing to disclose a data breach as required by law.

“We will phase in and publish payroll information to all employees starting January 1, 2024, and after that we will report your failure to disclose the data breach to the SEC,” Curry threatened in one of the extortion emails.

“If you want to get the data back, it is recommended that you pay $2.5 million immediately to save your company and stock. After that, the monthly fee will increase by $100,000. The discrepancy in your books is currently over $16 million, which could raise issues with retention, a hostile work environment, employee resentment, and more.”

Example extortion email (U.S. Department of Justice):

After receiving multiple extortion emails from Curry, Brightly paid $7,540 worth of bitcoin, which was then transferred to a cryptocurrency wallet controlled by Curry.

After the company reported the incident, the Federal Bureau of Investigation searched Curry’s residence on January 24 and seized various electronic devices containing evidence of his extortion.

Curry was released on bail in January 2024 and currently faces six counts; the charges are for emailing extortion targeting the victim company, with a maximum penalty of 12 years in prison.

After the article was published, Brightly told the media: “We have learned of the conviction by the U.S. Department of Justice of Cameron Curry for extortion. We have fully cooperated with the FBI and the Department of Justice on this matter, and we thank them for carrying out their investigation. Given that the litigation work is still ongoing, we will hand over all questions to law enforcement.”

In addition, Brightly also notified customers in May 2023 of a data breach unrelated to this case, when an attacker accessed the database of its SchoolDude online platform and stole user credentials and personal data (including names, email addresses, account passwords, and phone numbers).

Information submitted to the Maine Attorney General’s Office shows that the intrusion was discovered eight days after the attacker accessed Brightly’s systems on April 20, and the data breach affected nearly 3 million SchoolDude customers and users.

Cloud Headline claims: If the above content is inaccurate or infringes upon the rights and interests of your company, organization, unit, or individuals, please contact us to explain the reasons. We will cooperate and delete the matter unconditionally.

A wealth of information and precise analysis—available in the Sina Finance APP