In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the "Turkish Crime Family" and in possession of 319 million iCloud accounts.
Initially, Albayrak wanted $75,000 in iTunes gift cards or cryptocurrency from Apple to go away. But a couple of days later, after sharing a YouTube video of himself apparently accessing iCloud accounts, he upped his demand to $100,000.
If the company failed to meet his demands, Albayrak threatened that he would start remotely wiping the victim's Apple devices, factory reset iCloud accounts, and dump the stolen database online.
Unfortunately for Albayrak, Apple decided not to negotiate. The company instead discovered that there had been no breach of iCloud accounts and reported the attempted blackmail to law enforcement. In March 2017, Albayrak was arrested.
The NCA investigation into the matter confirmed that there were no signs of a compromise of Apple's iCloud network and that the data Albayrak claimed to have in possession was actually from "previously compromised third-party services which were mostly inactive."
"When you have power on the internet, it's like fame and everyone respects you, and everyone is chasing that right now," Albayrak told investigators.
On 20 December, Albayrak was sentenced at Southwark Crown Court and given a two year suspended jail term, full 300 hours of unpaid work in the neighbourhood, and a six-month electronic curfew.
"Albayrak wrongly believed he could escape justice after hacking into two accounts and attempting to blackmail a large multi-national corporation," said Anna Smith, a Senior Investigative Officer for the NCA.
For its part, Apple hasn't commented on the matter and those allegedly stolen iCloud accounts are believed to be safe. But it's perhaps a lesson for companies of all types: Hackers are constantly thinking of ways to target corporate information for financial gain and notoriety. How companies handle the problem, respond to threats, and, most important, safeguard information ultimately determines how bad it can be.