Tech
Ex-data analyst stole company data in $2.5M extortion scheme
A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor.
While a Justice Department press release published on Thursday doesn’t name the victim, court documents reveal that he targeted Brightly Software, a Software-as-a-Service (SaaS) company previously known as SchoolDude, which Siemens acquired in August 2022.
Brightly has been in business for more than 20 years, employs over 700 people, and provides intelligent asset management and maintenance software to over 12,000 clients worldwide, mainly in the United States, Canada, the United Kingdom, and Australia.
As revealed in the indictment, 27-year-old Cameron Curry (also known as “Loot”) took advantage of his access to Brightly’s payroll information and corporate data to steal sensitive documents, which he used as leverage in an extortion scheme after learning that his six-month contract wouldn’t be extended.
One day after his contract ended on December 10, Curry began sending over 60 extortion emails to Brightly employees using the lootsoftware@outlook.com Microsoft email address and the Loot alias, threatening to leak sensitive information stolen between August and December 2023 unless he was paid a $2.5 million ransom.
With the extortion messages, Curry also attached screenshots of spreadsheets listing the personal identification information (PII) of Brightly employees, including names, dates of birth, home addresses, and compensation information. He also threatened to report the company to the U.S. Securities and Exchange Commission (SEC) for failing to disclose the breach as required by law.
“We will commence the process of disseminating salary information starting January 1,2024 in phases to all employees and will report you to the SEC after for not reporting the breach,” Curry threatened in one of the extortion emails.
“If you wish to reclaim your data, we recommend doing so promptly at 2.5 million USD in order to save your company and stocks, as each subsequent month will incur a $100,000 USD increase. Discrepancies in your books are currently over 16 million USD, posing a potential risk for retention issues, a hostile work environment, resentment, and more.”
Following Curry’s numerous extortion emails, Brightly paid $7,540 in Bitcoin, which was transferred to a cryptocurrency wallet controlled by Curry.
The FBI searched Curry’s residence on January 24 after the company reported the incident and seized various electronic devices containing evidence of his extortion scheme.
Curry was released on bond in January 2024 and now faces up to 12 years in prison for six counts of transmitting or willfully causing interstate communications with the intent to extort a victim company.
Brightly also notified customers of a data breach unrelated to this case in May 2023 after attackers gained access to the database of its SchoolDude online platform and stole credentials and personal data (including names, email addresses, account passwords, phone numbers).
Information filed with the Office of the Maine Attorney General revealed that the intrusion was discovered 8 days after the attackers breached Brightly’s systems on April 20, and that the data breach affected nearly 3 million SchoolDude customers and users.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
You must be logged in to post a comment Login