Security News > 2020 > June > Hacker indicted for stealing 65K employees’ PII in medical center hack

Hacker indicted for stealing 65K employees’ PII in medical center hack
2020-06-22 12:55

A Michigan man has been indicted for the 2014 hack of the University of Pittsburgh Medical Center's HR databases and theft of employees' personal information - information that he allegedly wound up selling on the dark web to crooks who used it to file thousands of bogus tax returns.

The theft involved personally identifying information belonging to 65,000 employees from the medical center's PeopleSoft human resources management system.

The purloined data included the names, Social Security taxpayer ID numbers, birth dates, addresses, marriage statuses, salary information, and yet more PII contained in employee W-2 forms.

Prosecutors say that Johnson allegedly sold the PII of doctors, nurses and other medical center employees - including W-2 tax forms - on dark web markets between 2014 and 2017.

It's another year and once again I'm sitting on tens of thousands of fresh names, SSN, DOB, bank routing/account numbers and payroll data600 employees is not huge in my book when I can spend time swiping the payroll of a company with 10,000+ employees or raiding the HR system of an institution with tens to hundreds of thousands of names.


News URL

https://nakedsecurity.sophos.com/2020/06/22/hacker-indicted-for-stealing-65k-employees-pii-in-medical-center-hack/