In the Star Wars movie series, Death Star and Death Star II were the Galactic Empire’s ultimate terror weapons that could destroy an entire planet. Similarly, Justin Sean Johnson a.k.a. TheDearthStar and Dearthy Star, hacked the human resources databases of the University of Pittsburgh Medical Center (UPMC) with the intent of making lots of money from destroying the credit profiles of more than 65,000 employees. (I couldn’t resist a Star Wars analogy.)
Just as both Death Stars were destroyed by the Rebel Alliance shortly after they became operational, the U.S. Government has also shut down this 30-year-old former resident of Detroit, Mich., from committing any more aggravated identity theft.
Isn’t it ironic that Johnson went by TheDearthStar and Dearthy Star on the dark web? The word “dearth” means “a scarcity or lack of something.” (I’d say Johnson was lacking scruples, morals, and common sense.)
Johnson carried out his identity theft scheme by stealing Personally Identifiable Information (PII) in 2013 and 2014. Then, he sold that stolen information including W-2 info, names, Social Security numbers, addresses and salary information on dark web forums. Other criminals who purchased the stolen information filed hundreds of false 1040 tax returns in 2014 using UPMIC employee PII.
Those bogus 1040 filings resulted in hundreds of thousands of dollars in false tax refunds that were converted into Amazon.com gift cards. Those gift cards bought Amazon merchandise that was shipped to Venezuela. In addition, Johnson stole and sold nearly 90,000 non-UPMC sets of PII to dark web buyers. (Purchasers used this info to commit more identity theft and bank fraud.) That particular scheme resulted in approximately $1.7 million in false tax return refunds, putting victims in the middle of a hot mess.
Johnson pleaded guilty to stealing and selling the PII and W2 info of tens of thousands of UPMC employees. He received 5 years in prions for Conspiracy to Defraud the U.S. and a maximum of 2 years for aggravated identity theft, or a total of 7 years behind bars.
Hopefully, Justin Johnson has received a clear message that hacking has serious consequences. (And let’s hope that those unscrupulous individuals on the dark web also got the message.) The U.S. Secret Service promises that there is no hiding place they cannot find crime lurking. (To close with another Star Wars analogy, you can be sure that “The Force” will definitely be with the U.S. Government as they seek out criminals in the darkest corners of the earth to protect potential victims from identity theft.)
Today’s Fraud of the Day comes from a Department of Justice press release, “Judge Sentences Michigan Man to 7 Years in Prison for Hacking UPMC HR Databases and Stealing Employees’ Personal Information,” dated October 18, 2021.
PITTSBURGH, PA – Justin Sean Johnson was sentenced on Friday to the statutory maximum sentence of 60 months’ incarceration for Conspiracy to Defraud the U.S., and the statutory maximum of 24 months for Aggravated Identity Theft, for a total of 84 months of incarceration, for hacking the human resources databases of the University of Pittsburgh Medical Center and stealing Personally Identifiable Information (PII) of more than 65,000 UPMC employees, Acting United States Attorney Stephen R. Kaufman announced today.
Chief United States District Judge Mark R, Hornak imposed the sentence on Johnson, aka TheDearthStar and Dearthy Star, age 30, formerly of Detroit, Michigan.
