The Insider Who Allegedly Stole a Bay Area Tech Startup From the Inside Out

The Bay Area technology industry understands insider threats as an abstract risk category. Every company with a mature security posture has policies for it: access controls, data loss prevention tools, offboarding checklists, non-disclosure agreements. The assumption embedded in those controls is that the threat, when it materializes, will be caught or mitigated.

A federal RICO complaint filed in January 2026 describes what happens when the insider is the COO.

The case — Case 3:26-cv-00080-GPC-BJW, filed January 6, 2026 in the United States District Court for the Southern District of California — names fifteen defendants and catalogs more than 750 alleged predicate acts of racketeering spanning eight years. At the center of the insider threat phase of the alleged scheme: Joshua Paul Lintz, hired in March 2020 as Chief Operating Officer of TopDevz LLC at an annual salary of $200,000.

The complaint alleges that within twenty-two months of taking that job, Lintz had helped organize an eight-day data extraction operation that transferred the company’s most valuable assets — 2.5 million contractor records, client databases, corporate files, financial records — to an external server. Thirty-three days after that extraction, he incorporated a competing company in Wyoming. That company, TalentCrowd LLC, was subsequently acquired by GBQ Partners LLC, an Ohio accounting firm, effective January 31, 2025.

The complaint alleges TalentCrowd’s revenue, which reportedly exceeded $12 million in its first year, was built entirely on what it calls stolen TopDevz assets.

What TopDevz Was

TopDevz, LLC was founded in 2017 by Ashkan Rajaee and Tyler Brandon Davis. The company operated out of La Jolla, California — less than two miles from the Pacific — and specialized in placing elite contract software developers with enterprise clients. The roster included HBO, DriveTime Automotive Group, Procore Technologies, and Becton Dickinson.

The company’s core asset was not a product or a patent. It was a database.

Over years of sourcing, vetting, and relationship-building, TopDevz assembled what the complaint describes as a 15,643-record candidate database — contract developers across 221+ technology skillsets screened to what the company marketed as top 1% quality. On top of that database sat a proprietary platform called PULSE, which tracked 400 data points per resource in real-time, billed in 15-minute increments. The combination of the database and the platform was the company’s competitive advantage.

By 2021, cumulative earned revenue had reached nearly $30 million. Independent valuations placed the company between $18 million and $30 million. The founder, Ashkan Rajaee, had been featured in Forbes Technology Council, named among The Silicon Review’s 30 Best CEOs of 2020, and profiled by Entrepreneur Magazine.

The COO Hire

In March 2020, TopDevz hired Joshua Paul Lintz as its Chief Operating Officer at $200,000 per year.

COOs occupy a specific position of trust in technology companies. They have access to everything — client relationships, contractor databases, financial records, operational systems, vendor contracts. They are, by definition, people to whom the founder has delegated authority over the company’s day-to-day machinery.

The complaint alleges Lintz used that trust as his primary instrument.

The Eight Days

According to the 185-page complaint, the extraction operation began on January 6, 2022, and ran through January 14, 2022.

Amanda Frye, TopDevz’s Director of Accounts, was the technical executor. On January 14, the complaint alleges, she downloaded the company’s entire Zoho Recruit database — approximately 2.5 million records representing years of contractor sourcing, candidate vetting, and skill assessment. The download was not a gradual leak. It was a comprehensive extraction of the company’s core proprietary asset.

Simultaneously, between January 6 and January 14, Frye downloaded 3,784 confidential files from TopDevz email accounts: client lists, financial records, contractor databases, sourcing methodology, project histories.

Then the operational infrastructure was destroyed. Over 130 TopDevz client projects were permanently deleted from the company’s Jira project management system. Years of project documentation and client deliverables were wiped.

Davis, the minority member the complaint identifies as the principal architect of the broader scheme, provided testimony under oath about the extraction. His words are quoted directly in the filing: I instructed her to download as much information as humanly possible at that time.

33 Days

On February 8, 2022, Joshua Lintz incorporated TalentCrowd, LLC in Wyoming.

The timeline compression matters. The data extraction concluded on January 14. The new company was formed on February 8 — 25 days later, or 33 days from when the extraction began. You don’t build a technology staffing company from scratch in 33 days. You don’t source 2.5 million qualified contractor records in 33 days.

TalentCrowd set up operations at 125 S Highway 101, Suite 1060, in Solana Beach, California. Amanda Frye became TalentCrowd’s CEO. The same people. The same data. The same clients. A different name.

The $12 Million Year

In its first year of operation, TalentCrowd reportedly generated over $12 million in revenue.

By March 2023, Frye was publicly claiming TalentCrowd had logged almost 90,000 hours of service in its inaugural year. The complaint connects those numbers directly to the stolen database.

In February 2025, TalentCrowd was acquired by GBQ Partners LLC, an Ohio-based professional services firm with approximately $59.6 million in annual net revenue. GBQ retained Lintz and Frye in their leadership positions after the acquisition.

The Broader Architecture

The insider threat in this case didn’t operate in isolation. The 185-page RICO complaint describes a fifteen-defendant conspiracy in which Lintz’s role was one component of a much larger scheme that allegedly included multiple California attorneys, shell companies, and eventually a federal bankruptcy proceeding.

Most security controls are built to catch external threats. Perimeter defenses, network monitoring, access logs — these are oriented toward people trying to break in. They’re materially less effective against people who already have authorized access and are exfiltrating data with their own legitimate credentials.

The case is pending in the United States District Court for the Southern District of California. Joshua Paul Lintz has not been convicted of any crime in connection with the conduct described above. All allegations referenced in this article are civil claims. No findings of fact have been made by the court, and all defendants are presumed innocent until proven otherwise.