A federal jury found Cameron Curry, a 27-year-old from Charlotte, North Carolina, guilty on March 18 of conducting a cyber extortion scheme against an international technology company based in Washington, D.C., according to U.S. Attorney Jeanine Ferris Pirro.
The case highlights the risks companies face when employees or contractors misuse their access to sensitive information for personal gain. Cyber extortion can threaten both corporate data security and employee privacy.
Court documents and trial evidence showed that Curry worked as a contracted data analyst for about six months at the victim company, where he had access to personnel files and other confidential corporate records. After learning his contract would not be renewed, Curry used this access to launch an extortion campaign.
From December 11, 2023, to January 24, 2024, Curry—using the online alias “Loot”—sent more than 60 emails to company staff and executives demanding $2.5 million in cryptocurrency. The messages threatened to release sensitive corporate information and personally identifiable information of employees if his demands were not met. He also threatened to damage the company’s reputation by reporting a breach and making the information public.
On January 24, FBI agents executed a search warrant at Curry’s residence and seized electronic devices that linked him to the “Loot” alias used in the extortion attempt. Each of the six counts carries a maximum sentence of two years in prison; sentencing has not yet been scheduled.
The investigation was led by the FBI Washington Field Office with help from the FBI Charlotte Field Office. Assistant U.S. Attorneys Diane Lucas (District of Columbia) and Matthew Warren (Charlotte) prosecuted the case.
As companies continue to rely on outside contractors for critical work, this case underscores ongoing concerns about insider threats and cybersecurity.