Company Pays $300K Ransom To Ex-Employee Who Stole Personal Data of Millions

Giulio Saggin
Tuesday 28 November 2023

An ex-employee has been paid at least $300,000 in ransom by his former employer after claiming he had stolen the private data of more than a million customers, as well as thousands of employees.

The employer, Asurion, is a global phone insurance and tech support company based in Nashville, Tennessee. The FBI has identified the suspect as former Asurion employee Nicholas Burks, of Antioch, who was fired by the company in March.

As reported in the Tennessean, Burks claimed in an anonymous email that he had more than 100 terabytes of Asurion's 'sensitive data', including more than a million customers' names, addresses, phone numbers and account numbers, and thousands of employees' social security numbers and banking information.

"At this point, there is no evidence to suggest that sensitive customer data has been compromised," said Asurion spokeswoman Nicole Miller, after Burks threatened to pass on information to media outlets and Asurion's competitors if he was not paid $350,000 in bitcoin within 24 hours.

"Based on our review," Miller continued, "the person had limited information regarding a small number of employees, as well as general company information. We are supporting our employees through identity theft protection services."

According to an FBI search warrant application, "the extortion scheme began when seven Asurion executives received an anonymous email threatening to release corporate information ... To prove he wasn’t bluffing, the extortionist attached samples of the corporate documents, including social security numbers of some employees ... The suspect(s) concluded his email by stating that his only motivation was money."

While Asurion launched an internal investigation and contacted the FBI, the company paid daily amounts of $50,000 as a way to stall 'the extortionist'. During this time, the internal investigation revealed that a corporate laptop was missing and that Burks was its last known user. It was then discovered that the laptop had accessed the corporate network numerous times in the days before Burks' dismissal.

Once Burks had been identified as a possible suspect, law enforcement tailed him in the hope he would confirm their suspicions. He did so when a law enforcement officer watched Burks as Asurion paid him $5,000: Burks typed something on his phone, and moments later Asurion received an email from Burks demanding more money.
