Michigan Man Arrested for Selling Stolen Information the Darkweb

Authorities arrested and charged a Michigan man for allegedly hacking the human resource database of a medical center, stealing the personally identifiable information of more than 65,000 employees, and selling the stolen data on the darkweb.

According to court records, Justin Sean Johnson, 29, hacked the human resource databases of the University of Pittsburgh Medical Center (UPMC) in late 2013 and early 2014. He used his access to steal names of employees, Social Security numbers, addresses, employment statuses, and W-2 information. Johnson allegedly sold the stolen information on the darkweb. According to court records, customers filed false tax returns and claimed tax refunds.

Johnson Worked for FEMA According to His Facebook and LinkedIn Profiles

Johnson Worked for FEMA According to His Facebook and LinkedIn Profiles

The 43-count indictment alleges that Johnson first hacked into the HR database of UPMC on December 1, 2013. He stole the personal information of more than 23,500 UPMC employees during the first breach. Johnson then hacked into the UPMC HR database regularly between January 21, 2014, and February 24, 2014, and stole the information of thousands of UPMC employees.

Between December 11, 2013, and April 12, 2014, Johnson allegedly listed the stolen information on the Evolution darkweb marketplace. Johnson allegedly operated under the aliases “DearthStar” and “TheDearthStar." An example of a listing from TheDearthStar is copied below:

US identity Fullz + 2013 W-2 [Pack of 10]

Description $3 each Name Address City State Zip SSN DOB Federal State/City W-2 Information (includes employer EIN and address) Provided but unverified data: Marital Status

!!!The majority of this listing will originate from Pennsylvania!!!

Johnson deposited his earnings into an account with Coinbase. The deposits allegedly amounted to more than $8,000.

The buyers of the stolen information sold by Johnson reportedly filed more than 1,300 false income tax returns between January and March 2014. The filers then claimed more than $1.7 million in unauthorized tax refunds.

U.S. Attorney Brady:

Justin Johnson stands accused of stealing the names, Social Security numbers, addresses and salary information of every employee of Pennsylvania’s largest health care system. After his hack, Johnson then sold UPMC employees’ PII to buyers around the world on dark web marketplaces, who in turn engaged in massive campaign of further scams and theft. His theft left over 65,000 victims vulnerable to years of potential financial fraud. Hackers like Johnson should know that our office will pursue you relentlessly until you are in custody and held accountable for your crimes.

The indictment alleges that after the UPMC hack in 2014, Johnson continued to hack companies and sell stolen information on darkweb marketplaces. Investigators believe he operated vendor accounts through 2017.

On May 20, 2020, Johnson was indicted by a federal grand jury in Pittsburgh for conspiracy, wire fraud and aggravated identity theft charges. He was arrested on June 16 in Detroit.

United States of America vs. Justin Sean Johnson 43-Count Indictment pdf html

Do you really want to comment here? not rules
f97dd920 Tue, Jun 23, 2020

coinbase again!…. WAs he paying directly from the market to his coinbase account?

28539950 Tue, Jun 23, 2020

coinbase is always the reason………

188d5ba0 Tue, Jun 23, 2020

Deena Wilber you spammed this comments section! Your whole spiel sounds like a fuckin’ scam, ma’am. Playing on the desperation of script kiddie scum.

b3cf73a0 Tue, Jun 23, 2020

Deena, take a long look in the mirror: you’re as desperate as the marks you sucker. But karma is a bitch…

4331e350 Tue, Jun 23, 2020

deena if you keep spamming this shit you are going to regret it

eb250eb0 Wed, Jun 24, 2020

Do people not use Monero? It’s always something with coinbase

5dd427c0 Wed, Jul 1, 2020

Jesus uck, unsubscribe!

2d60a9f0 Sun, Jul 5, 2020

What a fucking dweeb

ed3a8a60 Sat, Jul 18, 2020

The law provides for a maximum sentence of five years in prison and a fine of not more than $250,000 for the conspiracy to defraud the United States; 20 years in prison and a fine of not more than $250,000 for each count of wire fraud, and a mandatory 24 months in prison and a fine of not more than $250,000 for each count of aggravated identity theft. Under the Federal Sentencing Guidelines, the actual sentence imposed is based upon the seriousness of the offenses and the criminal history, if any, of the defendant.


New comments are disabled after ten days in an attempt to limit spam.