• Home
  • cyber
  • Brightly Software and SchoolDude: Ex-data analyst stole company data in $2.5M extortion scheme
cyber Breach

Brightly Software and SchoolDude: Ex-data analyst stole company data in $2.5M extortion scheme

Dec 10, 2023 2 min read
Brightly Software and SchoolDude: Ex-data analyst stole company data in $2.5M extortion scheme

Former Contractor Convicted in Extortion Scheme Targeting Brightly Software

A 27-year-old North Carolina man, Cameron Curry (alias "Loot"), has been found guilty of extorting Brightly Software, a Siemens-owned SaaS provider specializing in asset management and maintenance software for over 12,000 global clients. Curry, who worked as a data analyst contractor for Brightly, exploited his access to corporate and payroll data between August and December 2023, stealing sensitive documents after learning his six-month contract would not be renewed.

On December 11 one day after his contract ended Curry sent over 60 extortion emails to Brightly employees, demanding a $2.5 million ransom in exchange for not leaking stolen data. The emails included screenshots of employee PII, such as names, birthdates, addresses, and compensation details, and threatened to report Brightly to the SEC for failing to disclose the breach. Curry warned that salary information would be publicly released starting January 1, 2024, with the ransom increasing by $100,000 monthly if unpaid.

Brightly paid $7,540 in Bitcoin to Curry’s cryptocurrency wallet before reporting the incident to the FBI. A January 24 search of Curry’s residence uncovered electronic devices containing evidence of the scheme. He now faces up to 12 years in prison for six counts of interstate extortion.

Separately, Brightly disclosed a May 2023 data breach affecting nearly 3 million SchoolDude customers after attackers accessed the platform’s database on April 20, stealing credentials and personal data. The intrusion was detected eight days later.

Source: https://www.bleepingcomputer.com/news/security/data-analyst-found-guilty-of-extorting-brightly-software-of-25-million/

SchoolDude cybersecurity rating report: https://www.rankiteo.com/company/schooldude

Brightly Software cybersecurity rating report: https://www.rankiteo.com/company/brightlysoftware

"id": "SCHBRI1773995566",
"linkid": "schooldude, brightlysoftware",
"type": "Breach",
"date": "12/2023",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Asset Management and Maintenance Software',
                        'location': 'Global',
                        'name': 'Brightly Software',
                        'size': '12,000+ clients',
                        'type': 'SaaS Provider'}],
 'attack_vector': 'Insider Threat (Former Contractor)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Names, birthdates, '
                                                        'addresses, '
                                                        'compensation details',
                 'sensitivity_of_data': 'High (PII, compensation details)',
                 'type_of_data_compromised': 'Employee PII, Corporate and '
                                             'Payroll Data'},
 'date_detected': '2023-12-11',
 'description': 'A 27-year-old North Carolina man, Cameron Curry (alias '
                "'Loot'), exploited his access as a former contractor to steal "
                'sensitive corporate and payroll data from Brightly Software. '
                'He extorted the company by demanding a $2.5 million ransom in '
                'exchange for not leaking the stolen data, which included '
                'employee PII. Brightly paid $7,540 in Bitcoin before '
                'reporting the incident to the FBI. Curry was later convicted '
                'on six counts of interstate extortion.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'extortion and data leak threats',
            'data_compromised': 'Employee PII (names, birthdates, addresses, '
                                'compensation details)',
            'financial_loss': '$7,540 (ransom paid)',
            'identity_theft_risk': 'High (PII exposed)',
            'legal_liabilities': 'Potential SEC reporting violations'},
 'investigation_status': 'Convicted',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Former contractor exploited '
                                           'retained access to sensitive data '
                                           'after contract termination'},
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '$2.5 million',
                'ransom_paid': '$7,540'},
 'references': [{'source': 'Cyber Incident Description'}],
 'regulatory_compliance': {'legal_actions': 'Six counts of interstate '
                                            'extortion (up to 12 years in '
                                            'prison)',
                           'regulations_violated': 'Potential SEC disclosure '
                                                   'violations'},
 'response': {'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'FBI'},
 'threat_actor': "Cameron Curry (alias 'Loot')",
 'title': 'Former Contractor Convicted in Extortion Scheme Targeting Brightly '
          'Software',
 'type': 'Extortion',
 'vulnerability_exploited': 'Unauthorized Access to Sensitive Data'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.