On May 1, the U.S. Attorney for the Southern District of New York, Damian Williams, announced the arrest of Vincent Cannady, a former cybersecurity consultant, in connection with a $1.5 million extortion scheme targeting a publicly traded IT infrastructure services provider. Cannady, who had been assigned by a staffing company to assess and remediate vulnerabilities in the victim company’s information systems, was terminated after about a year. Following his termination, Cannady allegedly downloaded sensitive and proprietary information from the company without authorization and uploaded it to a personal cloud storage account.
Cannady then demanded a $1.5 million settlement for unspecified discrimination and emotional distress claims, threatening to publicly disclose the stolen information if his demands were not met. He insisted on a 10-year Certificate of Deposit for the amount, along with a gag order preventing him from discussing the information or his actions. Cannady also sought to include provisions in the settlement agreement to protect himself from criminal charges.
The charges against Cannady include Hobbs Act extortion, carrying a maximum sentence of 20 years in prison. The arrest, conducted in El Dorado Springs, Missouri, was a coordinated effort by the FBI’s New York Field Office and the FBI’s Kansas City Field Office. The case is being prosecuted by Assistant U.S. Attorneys Reyhan Watson and James McMahon from the Office’s White Plains Division. This case serves as a stark reminder of the importance of promptly terminating access to sensitive information for former employees and contractors.
