A Brazilian citizen has been charged in the United States for allegedly threatening to release data stolen by hacking into a company’s network in March 2020.
Junior Barros De Oliveira, 29, of Curitiba, Brazil has been charged with four counts of extortionate threats involving information obtained from protected computers and four counts of threatening communications, the U.S. Department of Justice (DoJ) said in an unsealed indictment earlier this week.
The said victim, a Brazilian subsidiary of a New Jersey-based company, had its computers breached by the defendant, who then exploited the access to steal confidential customer information from about 300,000 customers on at least three occasions.
De Oliveira is alleged to have subsequently sent the chief executive officer (CEO) of the company an email message in September 2020 using an alias, demanding a payment of 300 bitcoin (valued at about $3.2 million at the time) in return for not selling the data.
A month later, the defendant forwarded the aforementioned message to both the CEO and an executive working in the Brazilian subsidiary.
In one of the follow-up messages sent to a representative of the company, De Oliveira said he “very interested in helping you guys solve this security flaw” but said it will incur a consulting fee of 75 bitcoin (about $800,000 at the time). The defendant also provided instructions on how to make the payment to a Bitcoin wallet.
Each of the four counts of extortionate threats carries a maximum prison term of 5 years, and a maximum fine of $250,000 or twice the value of any gain or loss, whichever is greater.
Likewise, each of the four counts of threatening communications carries a maximum prison term of 2 years, and a maximum fine of $250,000 or twice the value of any gain or loss, whichever is greater.