Former Ubiquiti employee charged with stealing data, extorting employer

The defendant posed as a whistleblower to leak misleading stories about the breach to the press.
FBI, DOJ, FIN7, Methbot
(Getty Images)

The FBI arrested a former employee of a U.S. technology company for allegedly breaching and stealing confidential data from his employer and then extorting the company for nearly $2 million.

The defendant, Nickolas Sharp, after allegedly stealing sensitive information posed as a whistleblower to plant misleading news about the company’s breach, according to an indictment released Wednesday. The articles caused the company’s share price to drop, causing it to lose market value, according to the Justice Department.

The indictment does not mention the company where Sharp worked, though the timeline and details of the incident match up with a breach of router company Ubiquiti discovered in January. An anonymous whistleblower accused the company of covering up the incident in March, matching  with the FBI’s account of Sharp’s actions. Sharp’s LinkedIn confirms he worked at Ubiquiti at the time.

The company did not immediately respond to a request for comment Thursday.


In a prior statement, the $1.8 billion hardware firm said the intruder did not access customer data.

“At this point, we have well-developed evidence that the perpetrator is an individual with intricate knowledge of our cloud infrastructure,” the company said.

Around December 2020, Sharp, a senior developer at the company, allegedly misused his access to company systems to download confidential data from his employer. In January, he sent an anonymous ransom request to the company demanding roughly $1.9 million worth of bitcoin in exchange for returning the data and fixing the alleged vulnerability used to access it.

The company denied the demand, only for some the data to be published online.

Shortly after the FBI questioned Sharp about the incident, he leaked misleading information about the company’s handling of the hack to the press, the charges say.


To hide his tracks, the defendant is accused of damaging the computers’ logging system and used a virtual private network to mask his internet protocol address. However, a brief power outage at Sharp’s house exposed his home IP unmasked without the VPN.

“We allege Mr. Sharp created a twisted plot to extort the company he worked for by using its technology and data against it,” said FBI Assistant Director Michael Driscoll. “Mr. Sharp may have believed he was smart enough to pull off his plan, but a simple technical glitch ended his dreams of striking it rich.”

Sharp, who was arrested in Oregon on Wednesday, is charged with four counts, including wire fraud,  intentionally damaging a protected computer and lying to the FBI. He does not appear to have entered a plea.

If convicted, Sharp could face 37 years in prison.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts