The alleged hacker has been now been indicted for hacking databases at the University Of Pittsburgh Medical Center (UPMC).
A Michigan-based man identified as Justin Sean Johnson has been arrested by Pittsburg law enforcement authorities and indicted in the infamous hack attack targeting the University Of Pittsburgh Medical Center (UPMC), a non-profit health care organization, in 2014.
According to the Federal prosecutors in Pittsburg, the 29-year-old Johnson managed to steal private data of over 65,000 UPMC employees after hacking the Oracle PeopleSoft databases of UPMC by targeting its human resources’ server back in 2013 and 2014. The stolen data was then sold on the dark web.
See: FEMA leaks sensitive details of 2.3 million disaster survivors
Prosecutors allege that Johnson stole personally identifiable information including names, dates of birth, salaries, and Social Security numbers of more than 65,000 current and former UPMC employees.
Furthermore, the stolen information contained Federal Form W-2 data, which contains sensitive data like income tax and withholding records was also sold on the dark web.
Using the information identity thieves were able to file for false tax returns by impersonating as affected UPMC employees forcing the IRS to issue $1.7m in tax refunds, Attorney Scott Brady explained.
The money was converted into Amazon gift cards, which were used to buy Amazon products and were later shipped to Venezuela.
“The information was sold by Johnson on dark web forums for use by conspirators, who promptly filed hundreds of false form 1040 tax returns in 2014 using UPMC employee PII,” said U.S. Attorney Scott Brady in a statement. “These false 1040 filings claimed hundreds of thousands of dollars of false tax refunds, which they converted into Amazon.com gift cards, which were then used to purchase Amazon merchandise which was shipped to Venezuela.”
Johnson, an IT specialist at the Federal Emergency Management Agency (FEMA), is facing 43-count indictment including charges of wire fraud, conspiracy, and aggravated identity theft.
See: A pervert Yahoo employee hacked 6,000 accounts using internal system
The accused is currently in detention and will be facing trial soon.
Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.