On January 22, 2020, Kristopher Ives, 33, of Portland, was sentenced to 12 months and one day in federal prison and three years’ supervised release for illegally accessing the computer network and data of his former employer, Gearbox Studios, after being terminated.
According to court documents, in 2008, Ives began working as a computer programmer for Gearbox Studios, a Portland-based digital marketing agency. Ives eventually became Gearbox Studio’s lead programmer for server architecture and support, a position of trust with access to the computer networks and data of both the company and the company’s clients.
Between February and May 2015, after being terminated from his position, Ives illegally accessed Gearbox’s computers to steal and tamper with data. He used this data to attack Gearbox’s servers and various websites belonging to Gearbox customers. Ives deleted nearly 20,000 products from customer websites and changed prices for various items. Ives also stole names and credit card numbers from these Gearbox customer websites and threatened to release the information unless Gearbox made payment to a bitcoin address.
On October 18, 2019, Ives pleaded guilty to one count of fraud in connection with computers.
This case was investigated by the FBI’s Oregon Cyber Task Force and prosecuted by Quinn P. Harrington, Assistant U.S. Attorney for the District of Oregon.
Any public or private entity suspecting a cyber intrusion or attack should contact the FBI through the Internet Crime Complaint Center at www.ic3.gov or by calling your nearest FBI office.