Ubiquiti on Tuesday filed a lawsuit against industry blogger Brian Krebs for $425,000 in damages for allegedly falsely accusing the company of “covering up” a cyberattack.
According to the complaint, Krebs intentionally misled the public about a data breach and a subsequent blackmail attempt.
Ubiquiti said it promptly notified customers of the attack and instructed them to take additional security precautions to protect their information. Ubiquiti then notified the public in the next filing it made with the SEC, but they claim Krebs intentionally disregarded the steps the company took to target Ubiquiti and increase ad revenue by driving traffic to his website, KrebsonSecurity.
The complaint said that only one source propped up Kreb’s story against Ubiquiti: Nickolas Sharp, the Ubiquiti employee behind the cyberattack.
In an email provided to SC Media, Krebs said that at the request of counsel, he will not be commenting.
On Dec. 1, 2021, federal prosecutors with the U.S. Attorney’s Office from the Southern District of New York charged Sharp on four felony counts for “stealing confidential data and extorting” Ubiquiti “while posing as an anonymous attacker.”
Ubiquiti said Krebs allegedly reviewed the press release and knew that his sole source had been indicted for his criminal involvement in the cyberattack. But the indictment said Krebs published a story on his blog the next day doubling down on his accusations against Ubiquiti and intentionally misleading his readers into believing that his earlier reporting was not sourced by Sharp, the hacker behind the attack.
In a long tweet thread, Corey Quinn, chief cloud economist at the Duckbill Group calls into question the Ubiquiti lawsuit and pointed out that the law firm representing Ubiquiti, Clare Locke LLP in Alexandria, Virginia, has a long history of suing media companies.
Correction: An earlier version of this story incorrectly stated the dollar amount sought in the lawsuit, which has been corrected. We regret the error.