Former employee of national industrial company arrested for attempted data extortion
SOMERSET COUNTY, NJ – A Missouri man was arrested for an attempted data extortion campaign targeting his former employer, a U.S.-based industrial company with its headquarters located in Somerset County, according to U.S. Attorney Philip R. Sellinger.
Daniel Rhyne, 57, of Kansas City was charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud.
He was arrested in Missouri on Aug. 27 and had an initial appearance in Kansas City federal court and was released, Sellinger said.
According to documents filed in this case and statements made in court, Rhyne was employed by a U.S.-based industrial company in New Jersey as a core infrastructure engineer. On Nov. 25, 2023, certain employees of the company received an extortionate e-mail. The email warned the employees that all of the company’s IT administrators had been locked out or deleted from the company’s computer network; backups of the company’s servers had been deleted; and additional servers belonging to the company would be shut down each day for a period of 10 days if a ransom of 20 Bitcoin, equivalent at the time to $750,000, was not paid.
The investigation revealed that Rhyne gained unauthorized access to the company’s computer systems by remotely accessing the a company administrator account. Rhyne then, without authorization, scheduled several computer tasks to be carried out on the network, including changing the company administrator passwords and shutting down its servers. Rhyne controlled the email address used to send the November 25 extortion email to the company’s employees.
The charge of extortion in relation to a threat to cause damage to a protected computer carries a maximum penalty of five years in prison and a $250,000 fine. The charge of intentional damage to a protected computer carries a maximum penalty of 10 years in prison and a $250,000 fine. The wire fraud offense carries a maximum penalty of 20 years in prison and a $250,000 fine.