Cybersecurity consultant arrested after allegedly extorting IT firm
- by nlqip
A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000.
A staffing company assigned Vincent Cannady, 57, to assess and remediate potential vulnerabilities in a New York-based multinational information technology infrastructure services provider.
After the termination of his employment for performance reasons, on June 23, 2024, Cannady allegedly used a company-issued laptop to download proprietary and confidential information, including architectural maps, trade secrets, and lists of potential vulnerabilities, from the victim company’s network, to which he still had access.
The Department of Justice says Cannady threatened to publicly disclose this sensitive information unless the company agreed to pay him up to $1.5 million as a settlement for what he claimed was employment discrimination.
When confronted about the data theft, Cannady reportedly escalated his demands, cut off the staffing firm’s access to the laptop, and engaged in a lengthy extortion procedure that included legal threats for emotional distress and other claims.
The defendant also attempted to engage the media and hinted at releasing the stolen information publicly or disclosing it through legal filings and reports to regulatory bodies, which might harm the company’s reputation and investor confidence.
A DOJ announcement says the former IT consultant involved the staffing company in his extortion attempts by communicating his demands and legal threats to them as well.
CANNADY then demanded that the company settle unspecified discrimination and emotional distress claims. He threatened to “upload all of the documents in his possession immediately once the case is filed” if the company did not settle his claims for $1.5 million. He added, “[a]s we all know those documents will imperil [the company’s] reputation and shake investor confidence.” He specifically demanded “a 10 year Certificate of Deposit for 1.5 million dollars,” which would “buy a[n] attestation that all files destroyed by me and a gag order preventing me from ever talking about what I saw or the documents I had in my possession or the documents I had created at [the company] or downloaded.”
The complaint against Cannady states that the defendant repeatedly sought assurances to be added to a settlement that prevented his previous employer from referring the case to law enforcement.
If found guilty, Cannady faces charges under 18 U.S.C. § 1951, which pertains to interference with commerce by threats or violence, commonly known as extortion.
The maximum sentence for extortion is 20 years of imprisonment, with the sentence to be decided by the United States District Court for the Southern District of New York.
Source link
lol
A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. A staffing company assigned Vincent Cannady, 57, to assess and remediate potential vulnerabilities in a New York-based multinational information technology infrastructure services provider. After the termination of…
Recent Posts
- Bob Sullivan Discovers a Scam That Strikes Twice
- A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- Xerox To Buy Lexmark For $1.5B In Blockbuster Print Deal
- Vulnerability Summary for the Week of December 16, 2024 | CISA