School Lunch Baron Allegedly Hacked Students' Data to Take Down His Competitor
The CFO of a school lunch distributor faces charges of identity theft and unauthorized computer access and could spend three years in prison.
Photo: Getty Images
When a bearded, weakly belligerent Julian Assange was dragged out of the Ecuadorian embassy in April, he had been indicted, in part, for helping Chelsea Manning hack into the US government’s computer systems, as well as encouraging Manning to try to obtain and distribute confidential information.
That’s a not-unexpected kind of espionage, especially for Assange. But when Keith Wesley Cosbey, a California executive, was arrested for allegedly hacking into a competitor’s website and stealing sensitive customer data, it had nothing to do with classified government secrets and everything to do with, uh, what school kids liked to eat for lunch.
According to the San Francisco Chronicle, the FBI spent more than a year investigating Cosbey, the chief financial officer of Choicelunch, a company that provides lunches to students in the Bay Area. He is facing charges of identity theft and unauthorized computer access and he could spend up to three years in prison.
The 40-year-old Cosbey has been accused of hacking into the website of The LunchMaster, another company that prepares and distributes meals that are served in northern California schools, so that he could obtain student data, including everything from their grades to their meal preferences to their food allergies. He then anonymously sent that information to the Department of Education, trying to tell whoever would listen that LunchMaster wasn’t adequately protecting students’ privacy.
The Department reported the security breach to LunchMaster, who immediately started an internal investigation. Because Cosbey isn’t a professional hacker, LunchMaster was able to trace that suspicious (but not-at-all anonymous) IT address back to Danville, California—which is the home of Choicelunch’s offices. “We try to serve school lunches, but it’s so complicated sometimes,” LunchMaster founder Ted Giouzelis told the Chronicle, adding that “[Cosbey] went to the extreme this time.”
He says ‘this time,’ because this is Choicelunch’s second try at using technology to take LunchMaster down. In 2014, Choicelunch sued LunchMaster’s parent company for copyright infringement, accusing them of copying their online ordering system.
“[LunchMaster’s] infringing website is substantially similar to [Choicelunch’s] original website,” the lawsuit read. “Both websites contain a calendar with rows consisting of weeks and columns of days of the week, and with sub-rows consisting of names. When users click on a particular day in both [company’s] calendars, virtually identical screens display, both with a photo of a food item with a list of available food items to the immediate left of the photo, a text box with details regarding the food item to the immediate right, and three soft keys for accessing food details, nutrition facts, and allergen information immediately above the details.”
When LunchMaster didn’t take the website down, Choicelunch did it for them, filing DMCA copyright takedown notices for LunchMaster’s original website, and for the replacement site they set up after the first one was yanked off the internet. The Register reports that US District Court Judge William Alsup told Choicelunch to knock it off, and stop using DMCA notices to pull its competitors’ websites down; the two companies ultimately settled before the case went to trial.
Cosbey is out of jail on $125,000 bond and his court date has been set for May 22. “Choicelunch is aware of the allegations and is awaiting more information before we can make a substantive comment,” the company told the Chronicle in a statement. “In its 15-year history serving California schools, Choicelunch has always endeavored to provide excellent service to its school lunch customers and will continue to do so while we await resolution of this matter.”
Huh. Wonder what kind of meals they serve in prison?