Ex-Data Analyst Convicted in $2.5M Brightly Software Extortion Scheme
Published
Key Takeaways
- Insider threat conviction: A former data analyst was convicted of orchestrating a $2.5 million Brightly Software extortion scheme using stolen corporate data.
- Stolen corporate data: The attacker leveraged his authorized access to exfiltrate sensitive employee payroll files, utilizing the information to threaten widespread public disclosure.
- Severe legal consequences: The perpetrator received a $7,540 Bitcoin payment before FBI intervention, and now faces up to 12 years in federal prison.
A former Brightly Software data analyst contractor was found guilty of executing a highly sophisticated cyber extortion campaign against his former employer. Utilizing his authorized access to internal payroll and corporate databases, Cameron Curry, 27, orchestrated a targeted data breach just days after his six-month contract concluded in December 2023, according to court documents.
Mechanics of the Brightly Software Extortion
Operating under the alias "Loot," he allegedly dispatched over 60 extortion emails demanding a $2.5 million ransom between December 2023 and January 2024, the Justice Department said in a press release.
During his tenure, the analyst reportedly exfiltrated sensitive corporate information and personally identifiable information (PII) of employees. The attacker threatened to systematically publish the stolen salary data and report the company to the U.S. Securities and Exchange Commission (SEC) for failing to disclose the data breach.
The enterprise eventually transferred $7,540 in Bitcoin to a cryptocurrency wallet controlled by the perpetrator before the FBI executed a search warrant and seized the operational hardware.
The Brightly Software website announced on August 4, 2022, that Siemens closed the Brightly acquisition.
Mitigating Escalating Cybersecurity Threats
At sentencing, Curry was convicted of six extortion counts and faces up to two years in prison for each.
An insider threat often bypasses traditional perimeter defenses. Netwrix experts recommend the following best practices, among others:
- Perform an enterprise-wide risk assessment
- Implement access controls – role-based access controls (RBAC), strict implementation of the principle of least privilege
- Secure access – use Data Loss Prevention (DLP) software, User Behavior Analytics (UBA), and Identity and Access Management (IAM) Solutions
This month, a former DOGE employee was accused of Social Security data theft that affected 500 million Americans. In November 2025, CrowdStrike confirmed an insider threat incident linked to Scattered Lapsus$ Hunters and fired an employee amid data leak claims.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular