Connect with us

Business

Man gets 7 years in prison for hacking 65K health care employees

Published

on

Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seen years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC).

After breaching UPMC’s human resources databases, Johnson stole the Personally Identifiable Information (PII) and W-2 info (including names, Social Security numbers, addresses and salary information) of more than 65,000 employees and sold it on the dark web.

UPMC is Pennsylvania’s largest healthcare provider with over 90,000 employees working in 40 hospitals and 700 doctors’ offices and outpatient sites.

In 2020, Johnson was charged in a forty-three count indictment with conspiracy, wire fraud, and aggravated identity theft. One year later, he pleaded guilty to stealing and selling the PII and W2 info of tens of thousands of UPMC employees.

“Justin Johnson stole the names, Social Security numbers, addresses and salary information of tens of thousands of UPMC employees, then sold that personal information on the dark web so that other criminals could further exploit his victims,” said Acting U.S. Attorney Kaufman on Monday.

“Today’s sentence sends a deterrent message that hacking has serious consequences.”

AlphaBay Market ad
AlphaBay Market ad

Massive campaign of further scams and theft

Johnson breached UPMC’s network in early December 2013 after hacking the health care provider’s Oracle PeopleSoft human resource management system.

The same day, he gained access to the PII of roughly 23,500 UPMC employees after running a test query on the compromised HR database.

Between January 21 and February 14, 2014, he continued querying the database multiple times per day to steal the PII of tens of thousands of UPMC employees.

In 2014 alone, the stolen UPMC employee PII sold by Johnson on the dark web was used by fraudsters to file hundreds of false 1040 tax returns and claim approximately $1.7 million in false tax refunds which were converted into Amazon.com gift cards.

Evolution dark web marketplace ad
Evolution dark web marketplace ad

In all, between 2014 and 2017, Johnson stole and sold almost 90,000 additional (non-UPMC) sets of PII data to his dark web clients, who likely used it for identity theft and bank fraud.

“The actions of criminals like Justin Johnson can have long-lasting and devastating effects on the lives of innocent people,” added Yury Kruty, Acting Special Agent in Charge of IRS-Criminal Investigation.

“Johnson carried out his intricate scheme with no regard for his victims. Today’s sentencing will hopefully be a deterrent to other potential crooks who may be considering carrying out similar conduct.”

Source: https://www.bleepingcomputer.com/news/security/man-gets-7-years-in-prison-for-hacking-65k-health-care-employees/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO