Former Data Analyst Turns on Employer in $2.5 Million Extortion Scheme

In a stunning case of insider betrayal, a North Carolina data analyst has been convicted of orchestrating an elaborate extortion plot against the very company that once employed him—leveraging stolen payroll records and employee data in a brazen attempt to cash in for millions.

Cameron Curry, a 27-year-old former contractor for Brightly Software, was found guilty by a federal jury on six counts of transmitting interstate communications with the intent to extort. The case, prosecuted by the U.S. Department of Justice, reveals a calculated abuse of privileged access that unfolded over several months and ended in a cryptocurrency payment of over $7,500 before law enforcement intervened.

The Setup: Trusted Insider Becomes Threat Actor

Curry worked as a data analyst contractor for Brightly Software, a Siemens-owned Software-as-a-Service company formerly known as SchoolDude, which provides intelligent asset management and maintenance software to more than 12,000 clients worldwide. With over 700 employees and two decades in the market, Brightly serves organizations across the United States, Canada, the United Kingdom, and Australia.

From August to December 2023, Curry exploited his legitimate access to company systems, quietly exfiltrating sensitive corporate documents. These included spreadsheets containing personally identifiable information (PII) of Brightly employees—names, birthdates, home addresses, and detailed compensation data.

The plot took shape after Curry learned his six-month contract would not be renewed. On December 10, 2023—the day after his contract officially ended—he launched his extortion campaign.

The Extortion Campaign: Threats, Deadlines, and Public Shaming

Using the email alias “Loot” and the Outlook address [email protected], Curry sent more than 60 threatening emails to Brightly employees. The messages included screenshots of the stolen spreadsheets and carried an unmistakable ultimatum: pay $2.5 million in Bitcoin or face public exposure.

Curry’s threats were multifaceted. He warned that he would begin “disseminating salary information” to all employees starting January 1, 2024, in phased releases. He also threatened to report Brightly to the U.S. Securities and Exchange Commission (SEC) for failing to disclose the breach—a move that could have triggered severe regulatory and reputational damage.

“Your company and stocks are at risk,” one email read. “Each subsequent month will incur a $100,000 USD increase” if payment wasn’t made promptly. Curry also alluded to alleged “discrepancies” in Brightly’s books, suggesting that the leaked data could fuel internal resentment and create a hostile work environment.

The pressure campaign worked—at least initially. Brightly ultimately transferred $7,540 in Bitcoin to a wallet address controlled by Curry, a fraction of his demanded ransom but still a significant capitulation under duress.

Investigation and Arrest

The FBI launched an investigation after Brightly reported the extortion attempt. On January 24, 2024, agents executed a search warrant at Curry’s residence, seizing multiple electronic devices containing evidence of the scheme. Curry was arrested and later released on bond.

Now facing up to 12 years in federal prison, Curry’s conviction underscores the growing threat posed by insider actors—employees or contractors who abuse their trusted access to inflict harm.

Company Response and Broader Implications

Brightly Software confirmed its cooperation with federal authorities in a statement to BleepingComputer, noting that it “defer[s] all questions to law enforcement authorities” given the pending nature of the case.

The incident also comes in the wake of a separate data breach unrelated to Curry’s actions. In May 2023, Brightly disclosed that attackers had accessed the database of its SchoolDude online platform, stealing credentials and personal data of nearly 3 million customers. That breach, discovered eight days after the April 20 intrusion, affected users across North America and Europe.

A Cautionary Tale for the Digital Age

This case highlights the dual-edged nature of insider access in the modern workplace. While trusted employees are essential to business operations, they can also become potent threats when personal grievances intersect with technical capability.

Cybersecurity experts emphasize the importance of robust access controls, regular audits, and employee monitoring—not as tools of distrust, but as safeguards against the kind of calculated betrayal Curry perpetrated. Companies are increasingly adopting zero-trust architectures and limiting data access to need-to-know bases to mitigate insider risks.

For Curry, the price of betrayal could be more than a decade behind bars. For Brightly and companies like it, the episode is a stark reminder that the greatest threats sometimes come from within.

Tags: Insider Threat, Data Breach, Extortion, Cybersecurity, Cryptocurrency Ransom, SaaS Security, Federal Prosecution, Employee Data Theft, SEC Compliance, Digital Extortion

Viral Phrases: “Inside Job,” “Betrayal from Within,” “$2.5 Million Bitcoin Demand,” “Six-Month Contractor, Six-Year Sentence,” “The Loot Who Turned,” “Data Analyst Gone Rogue,” “When Trust Becomes a Liability,” “Crypto Ransom Paid,” “The Insider Who Stole More Than Data”

,