fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker Arrested For Stealing, Selling PII Of 65k Hospital Employees

Hacker Arrested For Stealing, Selling PII Of 65k Hospital Employees

29-year-old Michigan man Justin Sean Johnson was arrested earlier this week for allegedly being behind the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC), stealing the PII and W-2 information of over 65,000 employees, and selling it on the dark web.

Pittsburgh-based UPMC is Pennsylvania’s largest healthcare provider with over 90,000 employees, integrating 40 hospitals and 700 doctors’ offices and outpatient sites.

Johnson, aka “TDS” and “DS”, was charged in a forty-three count indictment with conspiracy, wire fraud, and aggravated identity theft.

“Justin Johnson stands accused of stealing the names, Social Security numbers, addresses and salary information of every employee of Pennsylvania’s largest health care system,” U.S. Attorney Brady said in a press release.

“After his hack, Johnson then sold UPMC employees’ PII to buyers around the world on dark web marketplaces, who in turn engaged in a massive campaign of further scams and theft.”

Also read: 7 Useful Tools On How To Find Company Contact Information

Info of tens of thousands of employees stolen within a month

According to the indictment, Johnson purportedly initially infiltrated UPMC’s HR database network around December 1, 2013, by hacking the company’s Oracle PeopleSoft human resource management system.

On the same day, he ran a test query on the HR database which resulted into the PII of roughly 23,500 UPMC employees being accessed.

Between January 21 and February 14, 2014, he supposedly continued remotely accessing the HR database multiple times per day to steal the PII of tens of thousands of other UPMC employees.

Johnson sold the stolen data on darknet marketplaces like AlphaBay Market and Evolution, who later used it to fraudulently filed Form 1040, 1040, and 1040EZ federal income tax returns which allowed them to claim thousands of dollars in false tax refunds.

Evolution darknet marketplace ad

These tax refunds, which amounted to $1.7 million in unauthorized federal tax returns, were converted into Amazon gift cards, later used to buy Amazon merchandise that got sent to Venezuela using Miami reshipping services.

“Additionally, the indictment alleges that Johnson, since 2014 through 2017, as TDS or DS, regularly sold other PII to buyers on dark web forums, which could be used to commit identity theft and bank fraud,” a Department of Justice press release says.

Johnson deposited roughly $8,258.97 worth of cryptocurrency bought with the monies obtained by selling the exfiltrated UPMC employees’ data into a Coinbase account.

AlphaBay Market ad

Tens of years in prison if found guilty

According to an indictment memorandum, if found guilty, Johnson faces a maximum sentence of five years in prison and a fine up to $250,000 for conspiracy, 20 years in prison and a fine of up to $250,000 for each count of wire fraud, and a mandatory 2 years in prison and a fine of up to $250,000 for each count of aggravated identity theft.

Per the DoJ press release, the defendant is presumed innocent until proven guilty in a court of law.

“Hackers like Johnson should know that our office will pursue you relentlessly until you are in custody and held accountable for your crimes,” U.S. Attorney Brady concluded.

“The healthcare sector has become an attractive target of cyber criminals looking to update personal information for use in fraud; the Secret Service is committed to detecting and arresting those that engage in crimes against our Nation’s critical systems for their own profit,” U.S. Secret Service Special Agent in Charge Timothy Burke added.

Also read: How to Write an Effective Privacy Statement for Websites

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us