For those who would like a timely reminder about making sure you terminate access and take control of devices immediately when an employee or contractor terminates employment, consider this press release from the Southern District of New York on May 1.
Damian Williams, the United States Attorney for the Southern District of New York, announced today that VINCENT CANNADY was arrested in connection with his scheme to extort a publicly traded information technology infrastructure services provider of up to $1.5 million by threatening to publicly disclose the company’s confidential and proprietary information. CANNADY was arrested in El Dorado Springs, Missouri, this morning and is expected to appear in Missouri federal court tomorrow.
U.S. Attorney Damian Williams said: “As alleged, Vincent Cannady used illegal and extortionate threats for the purpose of obtaining over a million dollars in payments from a public company after his engagement was terminated. When those entrusted with sensitive information steal that information on their way out the door, only to extort money with a threat of releasing that information, my Office will hold them responsible for their conduct.”
As alleged in the Complaint:[1]
CANNADY was assigned by a staffing company to work on an engagement with the victim company. Under the engagement, CANNADY’s responsibilities included assessing and remediating potential vulnerabilities that an unauthorized party could use to access the victim’s information systems. As a result, CANNADY had access to the victim company’s sensitive and proprietary information. After about a year, CANNADY’s engagement was terminated. Days after, and while he still had access to the company’s information, CANNADY downloaded the company’s sensitive and proprietary information without its authorization and uploaded the information to a personal cloud storage account.
CANNADY then demanded that the company settle unspecified discrimination and emotional distress claims. He threatened to “upload all of the documents in his possession immediately once the case is filed” if the company did not settle his claims for $1.5 million. He added, “[a]s we all know those documents will imperil [the company’s] reputation and shake investor confidence.” He specifically demanded “a 10 year Certificate of Deposit for 1.5 million dollars,” which would “buy a[n] attestation that all files destroyed by me and a gag order preventing me from ever talking about what I saw or the documents I had in my possession or the documents I had created at [the company] or downloaded.”
At several points during his attempt to get the company to agree to a settlement, CANNADY sought specifically to add in provisions to a draft settlement agreement that would prohibit the company from pursuing criminal charges against him in connection with the settlement.
* * *
VINCENT CANNADY, 57, of El Dorado Springs, Missouri, is charged with Hobbs Act extortion, which carries a maximum sentence of 20 years in prison.
The maximum potential sentence is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by a judge.
Mr. Williams thanked the Federal Bureau of Investigation’s (“FBI”) New York Field Office, Westchester Resident Agency and the FBI’s Kansas City Field Office, Joplin and Springfield Resident Agencies.
This case is being handled by the Office’s White Plains Division. Assistant U.S. Attorneys Reyhan Watson and James McMahon are in charge of the prosecution.
The charge contained in the Complaint is merely an accusation, and the defendant is presumed innocent unless and until proven guilty.
[1] As the introductory phrase signifies, the entirety of the text of the Complaint and the description of the Complaint set forth herein constitute only allegations, and every fact described should be treated as an allegation.