Ex-data analyst stole company data in $2.5M extortion scheme

News

Featured
Latest

ConnectWise patches new flaw allowing ScreenConnect hijacking

New DarkSword iOS exploit used in infostealer attack on iPhones

Apple pushes first Background Security Improvements update to fix WebKit flaw

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

International joint action disrupts world’s largest DDoS botnets

Microsoft: March Windows updates break Teams, OneDrive sign-ins

Ex-data analyst stole company data in $2.5M extortion scheme

Navia discloses data breach impacting 2.7 million people

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityEx-data analyst stole company data in $2.5M extortion scheme

Ex-data analyst stole company data in $2.5M extortion scheme

By Sergiu Gatlan

March 20, 2026
02:57 AM
0

A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor.
While a Justice Department press release published on Thursday doesn't name the victim, court documents reveal that he targeted Brightly Software, a Software-as-a-Service (SaaS) company previously known as SchoolDude, which Siemens acquired in August 2022.
Brightly has been in business for more than 20 years, employs over 700 people, and provides intelligent asset management and maintenance software to over 12,000 clients worldwide, mainly in the United States, Canada, the United Kingdom, and Australia.
As revealed in the indictment, 27-year-old Cameron Curry (also known as "Loot") took advantage of his access to Brightly's payroll information and corporate data to steal sensitive documents, which he used as leverage in an extortion scheme after learning that his six-month contract wouldn't be extended.
One day after his contract ended on December 10, Curry began sending over 60 extortion emails to Brightly employees using the lootsoftware@outlook.com Microsoft email address and the Loot alias, threatening to leak sensitive information stolen between August and December 2023 unless he was paid a $2.5 million ransom.
With the extortion messages, Curry also attached screenshots of spreadsheets listing the personal identification information (PII) of Brightly employees, including names, dates of birth, home addresses, and compensation information. He also threatened to report the company to the U.S. Securities and Exchange Commission (SEC) for failing to disclose the breach as required by law.
"We will commence the process of disseminating salary information starting January 1,2024 in phases to all employees and will report you to the SEC after for not reporting the breach," Curry threatened in one of the extortion emails.
"If you wish to reclaim your data, we recommend doing so promptly at 2.5 million USD in order to save your company and stocks, as each subsequent month will incur a $100,000 USD increase. Discrepancies in your books are currently over 16 million USD, posing a potential risk for retention issues, a hostile work environment, resentment, and more."

Extortion email sample (Justice Department)
​Following Curry's numerous extortion emails, Brightly paid $7,540 in Bitcoin, which was transferred to a cryptocurrency wallet controlled by Curry.
The FBI searched Curry's residence on January 24 after the company reported the incident and seized various electronic devices containing evidence of his extortion scheme.
Curry was released on bond in January 2024 and now faces up to 12 years in prison for six counts of transmitting or willfully causing interstate communications with the intent to extort a victim company.
Brightly also notified customers of a data breach unrelated to this case in May 2023 after attackers gained access to the database of its SchoolDude online platform and stole credentials and personal data (including names, email addresses, account passwords, phone numbers).
Information filed with the Office of the Maine Attorney General revealed that the intrusion was discovered 8 days after the attackers breached Brightly's systems on April 20, and that the data breach affected nearly 3 million SchoolDude customers and users.

Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Download The Report

Related Articles:
Ericsson US discloses data breach after service provider hackUH Cancer Center data breach affects nearly 1.2 million peopleExposed MongoDB instances still targeted in data extortion attacksFrom Cipher to Fear: The psychology behind modern ransomware extortion American Airlines subsidiary Envoy confirms Oracle data theft attack

Brightly
Data Analysis
Data Theft
Extortion
Insider Threat
USA

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article
Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Popular Stories

CISA urges US orgs to secure Microsoft Intune systems after Stryker breach

Max severity Ubiquiti UniFi flaw may allow account takeover

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

Sponsor Posts

Uncover shadow AI apps, users, and risky data sharing. Get started in 5 min.

Secure your AI agents without sacrificing speed.

Cut VMware migration time by 60% with Acronis—move workloads faster, with less downtime.

Are refund fraud methods targeting your brand? You can monitor the underground for these threats.

Overdue a password health-check? Audit your Active Directory for free

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Ex-data analyst Cameron Curry was convicted of an extortion scheme targeting Brightly Software, a SaaS company formerly known as SchoolDude, acquired by Siemens in 2022. The case highlights a significant cybersecurity risk: insider threats leveraging access gained through employment. Curry, motivated by the anticipated non-extension of his contract, utilized his access to Brightly’s payroll information and corporate data to construct an elaborate extortion attempt. He communicated with over 60 Brightly employees via email, threatening to leak sensitive information—including employee PII like names, dates of birth, home addresses, and compensation details—unless he received a $2.5 million ransom. Crucially, he also leveraged threats against the U.S. Securities and Exchange Commission (SEC) regarding non-disclosure of the breach, escalating the pressure. Following these threatening communications, Curry successfully extorted $7,540 in Bitcoin, transferring it to a cryptocurrency wallet. The FBI subsequently seized Curry’s residence and electronic devices, leading to his conviction and a potential sentence of up to 12 years in prison. This case underscores the severe consequences of exploiting corporate data, particularly when fueled by dissatisfaction or a perceived lack of recognition. Furthermore, it demonstrates the potential for individuals to exploit privileged access to inflict significant financial and reputational damage on an organization, necessitating robust internal security protocols and diligent monitoring of employee conduct. Brightly Software had previously suffered another data breach in May 2023, involving the compromise of credentials and personal data from its SchoolDude online platform, highlighting the persistent vulnerability of SaaS companies and the critical importance of proactive data security measures.