A Brazilian national has been indicted in the United States for allegedly threatening to release data stolen in a March 2020 hack of a company’s network.
Junior Barros de OliveiraA 29-year-old man from Curitiba, Brazil, was charged with four counts of extortion threats related to information obtained from protected computers and four counts of threatening communications, US Department of Justice (DoJ) said in an unsealed indictment earlier this week.
The computers of the named victim, a Brazilian subsidiary of a New Jersey company, were hacked by the defendant, who then used the access to steal sensitive customer information from approximately 300,000 customers at least three times.
De Oliveira is alleged to have subsequently sent the company’s chief executive officer (CEO) an email in September 2020, using a pseudonym, demanding a payment of 300 bitcoins (worth around $3.2 million at the time) in exchange for that it is not for sale. data.
One month later, the defendant sent the aforementioned communication to both the CEO and the manager working in the Brazilian subsidiary.
In a follow-up message to the company’s representative, De Oliveira said he was “very interested in helping you fix this security flaw,” but said it would incur a consulting fee of 75 bitcoins (about $800,000 at that time). . The defendant also provided instructions on how to make a payment to a Bitcoin wallet.
Each of the four counts of racketeering threats carries a maximum penalty of 5 years in prison and a maximum fine of $250,000 or twice the value of any gain or loss, whichever is greater.
Likewise, each of the four counts of threatening communications carries a maximum sentence of 2 years in prison and a maximum fine of $250,000 or twice the value of any gain or loss, whichever is greater.
