North Carolina tech worker found guilty of insider attack netting 25M ransom CyberScoop
p
By
Matt Kapko
pp
March 19 2026
ppA 27yearold North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a DCbased international technology company the Justice Department said ThursdayppCameron Nicholas Curry also known as Loot stole a trove of corporate data including sensitive employee and compensation information which he used to extort his employer according to court records Curry ultimately made off with approximately 25 million from the victim organization in January 2024ppThe insider attack underscores immeasurable risks companies accept when employees or contractors placed in roles by a thirdparty recruitment company as was the case with Curry are allowed to access sensitive data on a companyowned laptop Officials did not name the companyppCurry used his access to the companys network to remove corporate data for extortion while he worked for the company between August and December 2023 Immediately following his last day of employment with the company Curry started sending threatening emails to its employees and demanded a ransom to not leak and destroy the datappOfficials said he sent more than 60 emails to various employees and executives over a sixweek period threatening to disclose the companys payroll data claiming it showed significant pay inequity across the workforce In those emails Curry framed the data theft extortion attack as an effort to implement salary transparencyppLoot and our partners aim to ensure that everyone is being paid accordingly providing employees with the leverage they deserve while also adhering to federal government regulations on protected acts Curry wrote in one of the emails according to the indictmentppCurry included attachments with the emails containing screenshot images of spreadsheets listing the personally identifiable information of company employees Officials said he also warned the company he would provide employees instructions on how to address pay discrimination through mediation the Equal Employment Opportunity Commission or a classaction lawsuitppSome of the extortion emails got personal including a claim that one person on the legal team wasnt getting a bonus while most employees in highlevel positions did receive bonuses Curry also threatened to report the breach to the Securities and Exchange Commission citing rules that require public companies to disclose cyberattacks quickly ppThe publicly traded company notified the FBI of the breach on Dec 14 2023 and paid Currys ransom demand almost a month laterppMultiple operational security mistakes helped authorities identify and build a case against Curry rather quickly He used personal and verifiable data to establish a new Coinbase account and two of the debit cards linked to the account Curry established to receive a ransom belonged to his mother and sisterppAuthorities searched Currys apartment digital devices and vehicle in Charlotte North Carolina just weeks after the ransom was paid He was arrested and released on bond in late January 2024 ppOfficials said Curry initiated his extortion scheme after he learned his contract with the company wouldnt be renewed He faces up to 12 years in prison at sentencingppYou can read the full indictment belowp
By
Matt Kapko
pp
March 19 2026
ppA 27yearold North Carolina man was found guilty of six counts of extortion for a series of crimes he committed while working as a data analyst contractor for a DCbased international technology company the Justice Department said ThursdayppCameron Nicholas Curry also known as Loot stole a trove of corporate data including sensitive employee and compensation information which he used to extort his employer according to court records Curry ultimately made off with approximately 25 million from the victim organization in January 2024ppThe insider attack underscores immeasurable risks companies accept when employees or contractors placed in roles by a thirdparty recruitment company as was the case with Curry are allowed to access sensitive data on a companyowned laptop Officials did not name the companyppCurry used his access to the companys network to remove corporate data for extortion while he worked for the company between August and December 2023 Immediately following his last day of employment with the company Curry started sending threatening emails to its employees and demanded a ransom to not leak and destroy the datappOfficials said he sent more than 60 emails to various employees and executives over a sixweek period threatening to disclose the companys payroll data claiming it showed significant pay inequity across the workforce In those emails Curry framed the data theft extortion attack as an effort to implement salary transparencyppLoot and our partners aim to ensure that everyone is being paid accordingly providing employees with the leverage they deserve while also adhering to federal government regulations on protected acts Curry wrote in one of the emails according to the indictmentppCurry included attachments with the emails containing screenshot images of spreadsheets listing the personally identifiable information of company employees Officials said he also warned the company he would provide employees instructions on how to address pay discrimination through mediation the Equal Employment Opportunity Commission or a classaction lawsuitppSome of the extortion emails got personal including a claim that one person on the legal team wasnt getting a bonus while most employees in highlevel positions did receive bonuses Curry also threatened to report the breach to the Securities and Exchange Commission citing rules that require public companies to disclose cyberattacks quickly ppThe publicly traded company notified the FBI of the breach on Dec 14 2023 and paid Currys ransom demand almost a month laterppMultiple operational security mistakes helped authorities identify and build a case against Curry rather quickly He used personal and verifiable data to establish a new Coinbase account and two of the debit cards linked to the account Curry established to receive a ransom belonged to his mother and sisterppAuthorities searched Currys apartment digital devices and vehicle in Charlotte North Carolina just weeks after the ransom was paid He was arrested and released on bond in late January 2024 ppOfficials said Curry initiated his extortion scheme after he learned his contract with the company wouldnt be renewed He faces up to 12 years in prison at sentencingppYou can read the full indictment belowp
