Cybersecurity consultant arrested after allegedly extorting IT firm

Summary: A former cybersecurity consultant was arrested for attempting to extort a publicly traded IT company by threatening to disclose confidential data unless they paid him $1.5 million.

Threat Actor: Vincent Cannady | Vincent Cannady
Victim: New York-based multinational information technology infrastructure services provider | New York-based multinational information technology infrastructure services provider

Key Point :

  • A former cybersecurity consultant, Vincent Cannady, was arrested for attempting to extort a publicly traded IT company.
  • Cannady allegedly downloaded proprietary and confidential information from the victim company’s network after his employment was terminated.
  • He threatened to publicly disclose the sensitive information unless the company paid him $1.5 million as a settlement for employment discrimination.

Person being arrested

A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000.

A staffing company assigned Vincent Cannady, 57, to assess and remediate potential vulnerabilities in a New York-based multinational information technology infrastructure services provider.

After the termination of his employment for performance reasons, on June 23, 2023, Cannady allegedly used a company-issued laptop to download proprietary and confidential information, including architectural maps, trade secrets, and lists of potential vulnerabilities, from the victim company’s network, to which he still had access.

The Department of Justice says Cannady threatened to publicly disclose this sensitive information unless the company agreed to pay him up to $1.5 million as a settlement for what he claimed was employment discrimination.

When confronted about the data theft, Cannady reportedly escalated his demands, cut off the staffing firm’s access to the laptop, and engaged in a lengthy extortion procedure that included legal threats for emotional distress and other claims.

The defendant also attempted to engage the media and hinted at releasing the stolen information publicly or disclosing it through legal filings and reports to regulatory bodies, which might harm the company’s reputation and investor confidence.

A DOJ announcement says the former IT consultant involved the staffing company in his extortion attempts by communicating his demands and legal threats to them as well. 

CANNADY then demanded that the company settle unspecified discrimination and emotional distress claims.  He threatened to “upload all of the documents in his possession immediately once the case is filed” if the company did not settle his claims for $1.5 million.  He added, “[a]s we all know those documents will imperil [the company’s] reputation and shake investor confidence.”  He specifically demanded “a 10 year Certificate of Deposit for 1.5 million dollars,” which would “buy a[n] attestation that all files destroyed by me and a gag order preventing me from ever talking about what I saw or the documents I had in my possession or the documents I had created at [the company] or downloaded.”

Department of Justice

The complaint against Cannady states that the defendant repeatedly sought assurances to be added to a settlement that prevented his previous employer from referring the case to law enforcement.

If found guilty, Cannady faces charges under 18 U.S.C. § 1951, which pertains to interference with commerce by threats or violence, commonly known as extortion.

The maximum sentence for extortion is 20 years of imprisonment, with the sentence to be decided by the United States District Court for the Southern District of New York.

Source: https://www.bleepingcomputer.com/news/legal/cybersecurity-consultant-arrested-after-allegedly-extorting-it-firm/


“An interesting youtube video that may be related to the article above”

No tags for this post.