A federal judge ruled on Monday that a 30-year-old Michigan man will spend seven years behind bars for stealing personal information from 65,000 healthcare workers and selling it on the darknet. Justin Sean Johnson, who went by the vendor names “TheDearthStar” and “DearthyStar”, was arrested in June 2020 on charges of conspiracy, wire fraud and aggravated identity theft stemming from the 2014 hack of University of Pittsburgh Medical Center (UPMC). He plead guilty to those charges.
During several database breaches starting in late 2013 and continuing through early 2014, Johnson hacked into the UPMC databases several times undetected, collecting tens of thousands of records containing names, Social Security numbers, addresses and salary information. He then packaged the data for sale on the AlphaBay and Evolution markets where it was quickly purchased and used to file thousands of fraudulent tax returns.
Much of the stolen personal information was collected from UPMC employee W2 tax forms in quick bursts over a short period in January and February 2014.
In all, the Johnson’s customers managed to collect approximately $1.7 million in fraudulent tax refunds from the IRS. Most of this money was used to purchase Amazon gift cards that were spent on products sent to Venezuela through a Miami-based reshipping company.
The UPMC is Pennsylvania’s largest healthcare provider, employing close to 90,000 workers; all of which were thought to be at least partly affected by the breach.
Between 2014 and 2017, Johnson also stole 90,000 sets of personal information from other sources, which was then also sold on various darknet forums for the purposes of identity theft or bank fraud.
He was sentenced on Monday to 60 months in prison for conspiracy to defraud the United States and 24 months for aggravated identity theft.