A 31-year-old Kansas City man has been indicted on federal charges for allegedly hacking into the computer systems of a health club chain and a nonprofit organization.
Nicholas Michael Kloster faces two counts related to unauthorized computer access and causing reckless damage.
The indictment shows that Kloster entered a health club business operating multiple locations in Kansas and Missouri late on April 26, 2024.
The following day, he emailed one of the owners claiming he had accessed their computer system and pitched his cybersecurity services.
The U.S. Attorney’s Office for the Western District of Missouri observed that the prosecutors allege Kloster then reduced his own gym membership fee to $1, erased his photo from the gym’s network, and stole a staff nametag.
Then later he posted a screenshot on social media showing control of the company’s security cameras with the message “how to get a company to use your security service.”
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
In a separate incident on May 20, 2024, Kloster allegedly breached a nonprofit organization’s premises and used a boot disk to bypass password protections on a computer.
After that he is accused of changing passwords and installing a virtual private network, causing over $5,000 in remediation costs.
The indictment also references misconduct at a third company where Kloster was employed in March and April 2024. He allegedly used a company credit card for personal purchases, including a thumb drive advertised for hacking vulnerable systems.
If convicted, Kloster could face up to 15 years in prison (5 years for unauthorized access and 10 years for reckless damage).
The case highlights the growing threat of cyber attacks against businesses and organizations. Cyber attacks on government agencies alone increased 148% year-over-year in the first eight months of 2023.
As this case demonstrates, insider threats from individuals with technical knowledge can pose a significant risk to computer systems and sensitive data.
The FBI and Kansas City Police Department investigated the case, which is being prosecuted by the U.S. Attorney’s Office for the Western District of Missouri.
Analyze cyber threats with ANYRUN's powerful sandbox. Black Friday Deals : Get up to 3 Free Licenses.