A Nashville corporation paid at least $300,000 in ransom to a extortionist who claimed he stole private info of thousands of employees and more than a million customers, according to new court records from an ongoing FBI investigation.
The FBI identified the suspect as Nicholas Burks, of Antioch, a former Asurion employee who was fired in March. As of Tuesday morning, he had not been charged with a crime.
Federal court records state the extortionist claimed in an anonymous email that he has more than 100 terabytes of Asurion’s “sensitive data,” including thousands of employees’ social security numbers and banking information and “over a million customers’ names, addresses, phone numbers and account numbers.”
The extortionist threatened to leak this information to newspapers and competing companies if he was not paid a $350,000 ransom in bitcoin within 24 hours, the court records state. Asurion paid most of that ransom in installments earlier this month, records state.
Asurion spokeswoman Nicole Miller said the company is limited in what it can say because the breach is subject to an active criminal investigation. The company has only alerted a small number of employees about the breach.
“At this point, there is no evidence to suggest that sensitive customer data has been compromised,” Miller said. “Based on our review, the person had limited information regarding a small number of employees, as well as general company information. We are supporting our employees through identity theft protection services.”
FBI: ‘His only motivation was money.’
The Asurion breach was revealed late last week by an FBI search warrant application that was publicly filed in federal court. The application asks a judge to approve a search of Burks’ home and car for computers and records related to the breach.
Both the FBI and the U.S. Attorney’s Office declined to comment on the case. After The Tennessean asked questions about the investigation, the warrant application was sealed.
According to the warrant application, the extortion scheme began when seven Asurion executives received an anonymous email threatening to release corporate information. In addition to the employee and customer info, the extortionist claimed to have obtained thousands of recorded phone calls, financial documents, customer service documents and training materials, the warrant applications states.
To prove he wasn’t bluffing, the extortionist attached samples of the corporate documents, including social security numbers of some employees.
“The suspect(s) concluded his email by stating that his only motivation was money,” the warrant application states.
Asurion then began to pay $50,000 a day to stall the extortionist while launching an internal investigation and contacting the FBI, the warrant application states. The company soon realized that a corporate laptop was missing and the last known login was by Burks. Asurion then discovered that in the final days before Burks was fired, the missing laptop – with four external hard drives attached – was repeatedly used to access the corporate network.
Law enforcement also began to follow Burks to confirm he was the extortionist, the warrant application states. At one point, a law enforcement officer watched Burks as Asurion paid him $5,000, then Burks “picked up his cell phone and typed on it.” A moment later, Asurion received an email demanding more money.