Justin Sean Johnson, a 30-year-old from Detroit, Michigan, has pleaded responsible to stealing the personally identifiable info (PII) of 65,000 staff of well being care supplier and insurer College of Pittsburgh Medical Heart (UPMC) and promoting it on the darkish net.
UPMC is Pennsylvania’s largest well being care supplier that employs greater than 90,000 staff in 40 hospitals and 700 medical doctors’ workplaces and outpatient websites.
Johnson (additionally recognized on the darkish net as ‘TheDearthStar’ and ‘Dearthy Star’) was charged with conspiracy, wire fraud, and aggravated id theft in a forty-three count indictment filed final 12 months, in Might 2020.
“Justin Johnson stands accused of stealing the names, Social Safety numbers, addresses and wage info of each worker of Pennsylvania’s largest well being care system,” U.S. Legal professional Brady stated in a press release issued in June 2020, after his arrest.
“After his hack, Johnson then bought UPMC staff’ PII to consumers around the globe on darkish net marketplaces, who in flip engaged in an enormous marketing campaign of additional scams and theft.”
Knowledge of tens of hundreds stolen inside one month
Johnson initially infiltrated UPMC’s HR database community in early December 2013 by hacking the corporate’s Oracle PeopleSoft human useful resource administration system.
On the identical day, he accessed the PII of roughly 23,500 UPMC staff after working a check question on the breached HR database.
Between January 21 and February 14, 2014, he continued accessing the database a number of occasions per day remotely to exfiltrate the PII of tens of hundreds of UPMC staff.
Johnson bought the information he stole on darkish net marketplaces like Evolution and AlphaBay Market to consumers who used it to fraudulently file Type 1040, 1040, and 1040EZ federal revenue tax returns.
In line with the indictment, the fraudulent tax refunds, which amounted to $1.7 million in unauthorized federal tax returns, have been later transformed into Amazon reward playing cards used to purchase Amazon merchandise that received despatched to Venezuela by way of Miami reshipping providers.
Johnson deposited the cryptocurrency he purchased utilizing the monies obtained by promoting the stolen UPMC staff’ knowledge right into a Coinbase account.
In addition to promoting the PII of roughly 65,000 staff from UPMC’s breached HR databases, Johnson additionally stole and bought nearly 90,000 further (non-UPMC) units of PII between 2014 and 2017, all of it doubtlessly utilized by the consumers to commit id theft and financial institution fraud.
Detained pending sentencing
Johnson is dealing with a most sentence of 5 years in jail and a advantageous of as much as $250,000 for conspiracy to defraud america, in addition to a compulsory two years in jail and a advantageous of as much as $250,000 for every depend of aggravated id theft.
In line with a DOJ press release, the investigation resulting in Johnson’s prosecution was performed by brokers from the Inner Income Service-Legal Investigation, america Secret Service, america Postal Inspection Service, and Homeland Safety Investigations.
Johnson stays detained pending sentencing, because the Courtroom ordered after his responsible plea was filed final week.
“Hackers like Johnson ought to know that our workplace will pursue you relentlessly till you’re in custody and held accountable in your crimes,” U.S. Legal professional Brady stated final 12 months.
“The healthcare sector has develop into a pretty goal of cyber criminals trying to replace private info to be used in fraud; the Secret Service is dedicated to detecting and arresting people who interact in crimes towards our Nation’s crucial methods for their very own revenue,” U.S. Secret Service Particular Agent in Cost Timothy Burke added.