Data leak

Ubiquiti Insider Threat: Employee Steals Data and Extorts Company

📅 2020-12-10 🏢 Amazon Web Services (AWS); GitHub
Primary Source ↗

Incident Details

In December 2020, Nickolas Sharp, a senior cloud engineer at Ubiquiti Networks (maker of UniFi networking equipment), used his legitimate privileged access to Ubiquiti's AWS infrastructure and GitHub organization to exfiltrate gigabytes of source code and customer data, cloning hundreds of repositories while connected through a commercial VPN to mask his origin. Using the same privileged access, he shortened the retention of the CloudTrail logs that recorded his activity in an attempt to cover his tracks. Sharp then sent an anonymous extortion demand to Ubiquiti for 50 Bitcoin (about $1.9M at the time), threatening to publish the stolen data if payment was not made.

Ubiquiti disclosed the "external breach" in January 2021, and its stock fell roughly 20%. Sharp, still employed on the incident response effort, also sent tips to journalists while posing as a whistleblower, claiming the breach was more serious than Ubiquiti had admitted. The FBI identified him because a brief VPN dropout during the exfiltration exposed his home IP address in Ubiquiti's AWS CloudTrail logs: the same credentials that had been operating from the VPN egress address appeared, minutes apart, from a residential address registered to Sharp. He was sentenced to six years in federal prison in 2023.

The case became a landmark insider-threat and incident response case study. It demonstrates the danger of privileged insiders, the value of tamper-resistant cloud audit logging (CloudTrail), and the legal consequences of extortion.
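The detail that broke the case, one access key seen from both the VPN egress address and a residential address within the same session, is something a detection engineer can look for directly in CloudTrail records. The following is an added example written for this page, not code from Ubiquiti or from any investigation material; the VPN egress range, account ID, ARN, access key ID and sample records are all constructed for illustration. It flags two things: a principal whose calls pivot off the known VPN range while a VPN-sourced session is still active, and management-plane calls that weaken the trail itself (CloudTrail's real StopLogging, DeleteTrail, UpdateTrail and PutEventSelectors API names).

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed corporate VPN egress range (hypothetical; RFC 5737 documentation prefix).
VPN_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]

# CloudTrail management-plane calls that reduce or stop audit logging.
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Constructed sample records in CloudTrail's JSON shape (ARN, key ID and
# addresses are made up). The third record is the "VPN dropout": same access
# key, two minutes later, from a residential address outside the VPN range.
_IDENTITY = {"type": "IAMUser",
             "arn": "arn:aws:iam::111122223333:user/cloud-eng",
             "accessKeyId": "AKIAEXAMPLEKEY00001"}
SAMPLE_EVENTS = [
    {"eventTime": "2020-12-10T03:10:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListObjects", "sourceIPAddress": "203.0.113.17",
     "userIdentity": dict(_IDENTITY)},
    {"eventTime": "2020-12-10T03:11:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.17",
     "userIdentity": dict(_IDENTITY)},
    {"eventTime": "2020-12-10T03:12:05Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.77",
     "userIdentity": dict(_IDENTITY)},
    {"eventTime": "2020-12-10T03:14:30Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "PutEventSelectors", "sourceIPAddress": "203.0.113.17",
     "userIdentity": dict(_IDENTITY)},
]


def parse_time(value):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_vpn_ip(addr):
    """True when the source address lies in an allowlisted VPN egress range.
    Non-IP values such as "AWS Internal" or a service DNS name are treated as
    not-VPN so they are never silently trusted."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in VPN_EGRESS)


def find_ip_pivots(events, window=timedelta(minutes=15)):
    """Report events from outside the VPN range made with a credential that was
    also used from inside the VPN range within `window`. Keyed on access key ID
    (falling back to the ARN) so a single session is compared with itself."""
    by_key = defaultdict(list)
    for ev in events:
        ident = ev["userIdentity"]
        by_key[ident.get("accessKeyId") or ident["arn"]].append(ev)

    findings = []
    for key, evs in by_key.items():
        evs.sort(key=lambda e: parse_time(e["eventTime"]))
        vpn_times = [parse_time(e["eventTime"]) for e in evs if is_vpn_ip(e["sourceIPAddress"])]
        for ev in evs:
            if is_vpn_ip(ev["sourceIPAddress"]):
                continue
            t = parse_time(ev["eventTime"])
            if any(abs(t - vt) <= window for vt in vpn_times):
                findings.append({"accessKeyId": key,
                                 "arn": ev["userIdentity"]["arn"],
                                 "sourceIPAddress": ev["sourceIPAddress"],
                                 "eventName": ev["eventName"],
                                 "eventTime": ev["eventTime"]})
    return findings


def find_trail_tampering(events):
    """Any CloudTrail configuration change that stops or narrows logging."""
    return [{"arn": ev["userIdentity"]["arn"], "eventName": ev["eventName"],
             "eventTime": ev["eventTime"], "sourceIPAddress": ev["sourceIPAddress"]}
            for ev in events
            if ev["eventSource"] == "cloudtrail.amazonaws.com"
            and ev["eventName"] in TRAIL_TAMPER_EVENTS]


if __name__ == "__main__":
    for f in find_ip_pivots(SAMPLE_EVENTS):
        print("IP pivot:", f)
    for f in find_trail_tampering(SAMPLE_EVENTS):
        print("trail tampering:", f)
```

The pivot rule only fires when the off-VPN address is seen close in time to VPN-sourced use of the same key, which is exactly the dropout pattern and avoids paging on ordinary home-office use of a separate credential. The tampering rule is the reason CloudTrail should be delivered to an account the operators being audited cannot write to: a retention change logged only in the trail it shortens is of limited use.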

Technical Details

Initial Attack Vector
A senior cloud engineer at Ubiquiti used his legitimate privileged AWS and GitHub access to clone the company's source code repositories and download customer data, connecting through a commercial VPN to mask his identity both during the exfiltration and while extorting the company.
Vendor / Product
Amazon Web Services (AWS); GitHub

Timeline

  1. 2020-12-10 Breach occurred
  2. 2021-01-11 Publicly disclosed
  3. 2021-01-11 Customers notified