Skip to content
Tech News
← Back to articles

Ex-data analyst stole company data in $2.5M extortion scheme

2026-03-20 | original
read original get Data Security USB Drive → more articles
Why This Matters

This case highlights the critical importance of cybersecurity and data protection within the tech industry, especially for companies handling sensitive employee and client information. It underscores the potential risks posed by insider threats and the need for robust access controls and monitoring to prevent data theft and extortion schemes. For consumers and organizations, it serves as a reminder to prioritize data security and be vigilant against insider vulnerabilities.

Key Takeaways

A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor.

While a Justice Department press release published on Thursday doesn't name the victim, court documents reveal that he targeted Brightly Software, a Software-as-a-Service (SaaS) company previously known as SchoolDude, which Siemens acquired in August 2022.

Brightly has been in business for more than 20 years, employs over 700 people, and provides intelligent asset management and maintenance software to over 12,000 clients worldwide, mainly in the United States, Canada, the United Kingdom, and Australia.

As revealed in the indictment, 27-year-old Cameron Curry (also known as "Loot") took advantage of his access to Brightly's payroll information and corporate data to steal sensitive documents, which he used as leverage in an extortion scheme after learning that his six-month contract wouldn't be extended.

One day after his contract ended on December 10, Curry began sending over 60 extortion emails to Brightly employees using the [email protected] Microsoft email address and the Loot alias, threatening to leak sensitive information stolen between August and December 2023 unless he was paid a $2.5 million ransom.

With the extortion messages, Curry also attached screenshots of spreadsheets listing the personal identification information (PII) of Brightly employees, including names, dates of birth, home addresses, and compensation information. He also threatened to report the company to the U.S. Securities and Exchange Commission (SEC) for failing to disclose the breach as required by law.

"We will commence the process of disseminating salary information starting January 1,2024 in phases to all employees and will report you to the SEC after for not reporting the breach," Curry threatened in one of the extortion emails.

"If you wish to reclaim your data, we recommend doing so promptly at 2.5 million USD in order to save your company and stocks, as each subsequent month will incur a $100,000 USD increase. Discrepancies in your books are currently over 16 million USD, posing a potential risk for retention issues, a hostile work environment, resentment, and more."

Extortion email sample (Justice Department)

​Following Curry's numerous extortion emails, Brightly paid $7,540 in Bitcoin, which was transferred to a cryptocurrency wallet controlled by Curry.

... continue reading

Explore topics: brightly software schooldude siemens asset management extortion
Related:
UK bets big on homegrown fusion and quantum — can it lead the world?
Siemens CEO Roland Busch’s mission to automate everything
ShinyHunters Expands Scope of SaaS Extortion Attacks
From Cipher to Fear: The psychology behind modern ransomware extortion
US cybersecurity experts plead guilty to BlackCat ransomware attacks

© 2026 GoKawiil

About | Editorial Policy | Contact