Michigan Guy Pleads Guilty to Stealing And Selling of PII of UPMC Staff

A Michigan male has confessed to hacking into the human resource data storage of the University of Pittsburgh Medical Center from 2013 to 2014 and thieving 65,000 UPMC employees’ personally identifiable information (PII) and W-2 information.

Justin Sean Johnson, 30 years of age, of Detroit, MI, was a Federal Emergency Management Agency (FEMA) IT expert known as The DearthStar and Dearthy Star on darknet forums. After 6 years of hacking the databases and peddling stolen records, Johnson was charged by a federal grand jury in Pittsburgh and was imprisoned for aggravated identity theft, wire fraud, and conspiracy.

Johnson in the beginning hacked into UPMC’s Oracle PeopleSoft HR database last December 2013 and viewed the PII of 23,500 UPMC staff. From January 2014 and February 2014, Johnson accessed the resources a number of times every day and copied PII. Johnson then offered for sale the stolen information on darknet marketplaces for instance AlphaBay to scammers who employed the records in 2014 to file numerous falsified 1040 tax returns.

As per a Department of Justice report, the criminal action led to around $1.7 million fraudulent tax reimbursements being compensated by the IRS. The tax refunds were used to get Amazon.com gift cards that were utilized to order high-value merchandise that was sent to Venezuela. Johnson received about $8,000 in Bitcoin for stealing the UPMC workforce information.

Aside from the thievery and vending of UPMC personnel PII, from 2014 to 2017 Johnson stole and offered for sale approximately 90,000 sets of PII on darknet sites. That material was then employed for identity theft and bank fraud.

Johnson lately pleaded guilty to 2 counts of a 43-count indictment and at this moment is awaiting sentencing. Johnson will serve up to 5 years prison term and will pay a fine of as much as $250,000, as well as 24-months imprisonment and a penalty of around $250,000 for aggravated identity theft.

The U.S. Secret Service Special Agent in Charge Timothy Burke said that the healthcare segment has turned out to be an interesting target of cyber attackers wanting to update personal data and use it for scams; therefore the Secret Service is driven to detect and capture those that take part in crimes versus our Nation’s critical systems for their individual gain.

Three more persons have confessed to crimes undertaken in connection with the scam. Maritza Maxima Soler Nodarse from Venezuela pleaded guilty in 2017 to doing conspiracy to con the United States in connection with the submission of fake tax refunds. Yoandy Perez Llanes of Cuba pleaded guilty in 2017 to purchasing Amazon.com gift cards to launder the cash. Justin. A. Tollefson from Spanaway, WA pleaded guilty in 2017 to utilizing stolen identities to submit falsified income tax returns.