FBI: Nashville company Asurion paid $300K ransom after private data was stolen

CLOSE

CLOSE

Visit IdentityTheft.gov/databreach to learn what you can do to protect your identity. Federal Trade Commission

A Nashville corporation paid at least $300,000 in ransom to an extortionist who claimed he stole private info of thousands of employees and more than a million customers, according to new court records from an ongoing FBI investigation.

Asurion, a global phone insurance and tech support company headquartered in the city, confirmed the breach but said it believes the suspect took less information than he claimed.

The FBI identified the suspect as Nicholas Burks, of Antioch, a former Asurion employee who was fired in March. As of Tuesday morning, he had not been charged with a crime.

Federal court records state the extortionist claimed in an anonymous email that he has more than 100 terabytes of Asurion's “sensitive data," including thousands of employees’ social security numbers and banking information and “over a million customers’ names, addresses, phone numbers and account numbers."

The extortionist threatened to leak this information to newspapers and competing companies if he was not paid a $350,000 ransom in bitcoin within 24 hours, the court records state. Asurion paid most of that ransom in installments earlier this month, records state.

SIGN UP:Get top and trending business stories delivered to your inbox

Asurion spokeswoman Nicole Miller said the company is limited in what it can say because the breach is subject to an active criminal investigation. The company has only alerted a small number of employees about the breach.

"At this point, there is no evidence to suggest that sensitive customer data has been compromised," Miller said. "Based on our review, the person had limited information regarding a small number of employees, as well as general company information. We are supporting our employees through identity theft protection services."

FBI: 'His only motivation was money.'

The Asurion breach was revealed late last week by an FBI search warrant application that was publicly filed in federal court. The application asks a judge to approve a search of Burks' home and car for computers and records related to the breach.

Both the FBI and the U.S. Attorney's Office declined to comment on the case. After The Tennessean asked questions about the investigation, the warrant application was sealed.

DATA BREACH:Tennessee student data may have been accessed on college planning site

According to the warrant application, the extortion scheme began when seven Asurion executives received an anonymous email threatening to release corporate information. In addition to the employee and customer info, the extortionist claimed to have obtained thousands of recorded phone calls, financial documents, customer service documents and training materials, the warrant applications states.

RELATED:HIV: Feds end investigation into potential breach of private patient info

To prove he wasn’t bluffing, the extortionist attached samples of the corporate documents, including social security numbers of some employees.

“The suspect(s) concluded his email by stating that his only motivation was money,” the warrant application states.

Asurion then began to pay $50,000 a day to stall the extortionist while launching an internal investigation and contacting the FBI, the warrant application states. The company soon realized that a corporate laptop was missing and the last known login was by Burks. Asurion then discovered that in the final days before Burks was fired, the missing laptop – with four external hard drives attached – was repeatedly used to access the corporate network.

Law enforcement also began to follow Burks to confirm he was the extortionist, the warrant application states. At one point, a law enforcement officer watched Burks as Asurion paid him $5,000, then Burks “picked up his cell phone and typed on it.” A moment later, Asurion received an email demanding more money.

SUPPORT LOCAL JOURNALISM:Get unlimited access to the stories that matter to you.

Brett Kelman is the health care reporter for The Tennessean. He can be reached at 615-259-8287 or at [email protected] Follow him on Twitter at @brettkelman.

Read or Share this story: https://www.tennessean.com/story/news/2019/08/13/asurion-nashville-paid-ransom-after-private-data-identity-theft-fbi-says/1986310001/

Similar Articles:

Your data was probably stolen in cyberattack in 2018 – and you should care

Your data was probably stolen in cyberattack in 2018 – and you should care

Michigan Attorney General asking for information on major data breach

Michigan Attorney General asking for information on major data breach

Flipboard reveals data breach, which left users' details exposed

Flipboard reveals data breach, which left users' details exposed

Marriott hack hits 500 million guests

Marriott hack hits 500 million guests