A hacker from Michigan, by name Justin Sean Johnson, was arrested a few days ago for the hack on University of Pittsburgh Medical Center (UPMC), which took place in 2014. The hacker stole personal information 65.000 employees and sold them to Dark web. Although there are many indications, his guilt has not yet been proven.
"Justin Johnson is accused of stealing the names, social security numbers, addresses and payroll of employees of Pennsylvania's largest health care system," a press release said.
The hacker stole the data of tens of thousands of employees in one month
According to the indictment, Johnson gained access to the URMC's HR database network around December 1, 2013, hacking it. Oracle PeopleSoft human resources management system.
The same day, he conducted a query test at the base data HR, which resulted in access to the personal information of about 23.500 UPMC employees.
It is said that between January 21 and February 14, 2014, the hacker repeatedly entered the database to steal the data of more employees.
The hacker sold the stolen data to darknet markets such as AlphaBay Market and Evolution.
"In addition, the indictment alleges that Johnson, from 2014 to 2017, as TDS or DS, sold other items to buyers in dark forums, which could be used to commit theft. identity and for bank fraud ", states a press release of the Ministry of Justice.
If convicted, he will spend many years in prison
If convicted, Johnson faces up to five years in prison and a fine of up to $ 250.000 for conspiracy, 20 years in prison and a fine of up to $ 250.000 for the rest. scams, and mandatory 2 years imprisonment and a fine of up to $ 250.000 for identity theft.
According to DoJ's press release, the accused is considered innocent until found guilty.