[BreachExchange] FBI: Nashville company Asurion paid $300K ransom after private data was stolen

Wed Aug 14 10:39:23 EDT 2019

https://www.tennessean.com/story/news/2019/08/13/asurion-nashville-paid-ransom-after-private-data-identity-theft-fbi-says/1986310001/

A Nashville corporation paid at least $300,000 in ransom to an
extortionist who claimed he stole private info of thousands of
employees and more than a million customers, according to new court
records from an ongoing FBI investigation.

Asurion, a global phone insurance and tech support company
headquartered in the city, confirmed the breach but said it believes
the suspect took less information than he claimed.

The FBI identified the suspect as Nicholas Burks, of Antioch, a former
Asurion employee who was fired in March. As of Tuesday morning, he had
not been charged with a crime.

Federal court records state the extortionist claimed in an anonymous
email that he has more than 100 terabytes of Asurion's “sensitive
data," including thousands of employees’ social security numbers and
banking information and “over a million customers’ names, addresses,
phone numbers and account numbers."

The extortionist threatened to leak this information to newspapers and
competing companies if he was not paid a $350,000 ransom in bitcoin
within 24 hours, the court records state. Asurion paid most of that
ransom in installments earlier this month,records state.

Asurion spokeswoman Nicole Miller said the company is limited in what
it can say because the breach is subject to an active criminal
investigation. The company has only alerted a small number of
employees about the breach.

"At this point, there is no evidence to suggest that sensitive
customer data has been compromised," Miller said. "Based on our
review, the person had limited information regarding a small number of
employees, as well as general company information. We are supporting
our employees through identity theft protection services."

FBI: 'His only motivation was money.'

The Asurion breach was revealed late last week by an FBI search
warrant application that was publicly filed in federal court. The
application asks a judge to approve a search of Burks' home and car
for computers and records related to the breach.

Both the FBI and the U.S. Attorney's Office declined to comment on the
case. After The Tennessean asked questions about the investigation,
the warrant application was sealed.

According to the warrant application, the extortion scheme began when
seven Asurion executives received an anonymous email threatening to
release corporate information. In addition to the employee and
customer info, the extortionist claimed to have obtained thousands of
recorded phone calls, financial documents, customer service documents
and training materials, the warrant applications states.

To prove he wasn’t bluffing, the extortionist attached samples of the
corporate documents, including social security numbers of some
employees.

“The suspect(s) concluded his email by stating that his only
motivation was money,” the warrant application states.

Asurion then began to pay $50,000 a day to stall the extortionist
while launching an internal investigation and contacting the FBI, the
warrant application states. The company soon realized that a corporate
laptop was missing and the last known login was by Burks. Asurion then
discovered that in the final days before Burks was fired, the missing
laptop – with four external hard drives attached – was repeatedly used
to access the corporate network.

Law enforcement also began to follow Burks to confirm he was the
extortionist, the warrant application states. At one point, a law
enforcement officer watched Burks as Asurion paid him $5,000, then
Burks “picked up his cell phone and typed on it.” A moment later,
Asurion received an email demanding more money.