Friday, January 28

Employee steals company data and demands bitcoins to return

A former Ubiquiti engineer is being accused of stealing data from the company he worked for and extorting from his former employer the sum of $1.9 million in Bitcoin for returning the data. Ubiquiti is the world leader in wireless broadband solutions for businesses.

Nicholas Sharpe worked for Ubiquiti as a Cloud Services Engineer from August 2018 to April 2021. He used his developer login to download a lot of the company’s sensitive data.

Not knowing that the person responsible for the data theft was within the company itself, Ubiquiti created a team to solve the problem, which included the employee responsible for the theft.

According to the investigations, Nicholas Sharpe, taking advantage of his position at Ubiquity (a former head of the cloud services team) and the ability to gain administrator access, copied about 150 repositories from a corporate GitHub account to his personal computer in December 2020.

redemption request

Posing as an anonymous hacker, he sent a message demanding ransom of 50 bitcoins to the Ubiquiti administration. At the time, about $1.9 million in exchange for the stolen data.

In the message, it said: “No bitcoin. Without conversation”. He then added a link to a folder with some of the company’s stolen data.

Ubiquiti did not pay the ransom and he published the stolen data on the internet. After the data was leaked, the company’s shares fell nearly 20% from March 30 to March 31, Ubiquiti lost $4 billion in market value.


In March, the FBI broke into the man’s home, seizing all of his electronic devices. A few days later, he tried to mislead the investigation, saying that Ubiquiti’s security system had been hacked and that the company was trying to hide the fact that users’ data was being stolen.

Prior to working at Ubiquiti, Sharp worked as a software engineer at Amazon. He left Ubiquiti around the same time the FBI issued a warrant to search his home.

At the time of his arrest, according to his LinkedIn profile, he was a senior software engineer at Lytx, a video calling technology company.

According to the FBI, the man was discovered due to his real IP address remaining in the server logs.

He is now being charged with four crimes: electronic fraud, deliberate damage to secure computers, sending international messages for extortion and perjury to the FBI.