A serious cybersecurity case has come out from the United States where a former data analyst was found guilty of stealing company data. He used that data to try and extort money from the organization. The incident involved misuse of access given during his role as a contractor. This case clearly highlights the risks of insider threats in modern companies.

The accused was based in North Carolina and was working with a technology company in Washington, D.C. He had authorized access to the company’s internal systems at the time. Instead of using this access responsibly, he chose to exploit it. Authorities confirmed the crime happened while he was still employed.

According to investigators, the analyst illegally accessed and copied sensitive company data. This included internal information that could damage the company if made public. He stored this data without permission for his own benefit. The stolen data later became the core of his extortion attempt.

After collecting the data, he tried to pressure the company into paying him money. He demanded around $2.5 million in exchange for not releasing the data. He also threatened to leak the information if the demand was not fulfilled. This type of attack is known as extortion using stolen data.

Further investigation revealed that the company targeted was Brightly Software, a SaaS-based firm. The company was previously known as SchoolDude before its acquisition. It was acquired by Siemens in the year 2022. Initially, the company’s identity was not publicly disclosed.

The scheme was eventually detected, and authorities began investigating the case. Evidence was collected showing how the analyst accessed and used the data. The case was taken to court for legal proceedings. He was later found guilty based on the evidence presented.

This incident highlights the growing issue of insider threats in cybersecurity. Employees and contractors often have access to sensitive systems and data. If this access is misused, it can cause serious harm. Companies need stronger monitoring and control systems to prevent such risks.

In simple terms, a trusted insider misused his access to steal company data and attempt extortion. However, the plan failed as authorities identified and prosecuted him. This case serves as a warning for organizations to stay alert. Internal security is just as important as protection from external attacks.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news