A former Virginia high school teacher is the fifth person charged in an investigation into the 2014 “celebgate” scandal in which hackers obtained nude photographs and other private information from more than 200 people, including celebrities.
Documents filed in federal court show that Christopher Brannan, 30, a former teacher at Lee-Davis High School, has agreed to plead guilty to charges of aggravated identity theft and unauthorized access to a protected computer.
The case was originally filed in Los Angeles, but was transferred to Virginia, where Brannan lives.
Thom Mrozek, a spokesman for the U.S. Attorney’s Office in Los Angeles, confirmed Wednesday that Brannan is charged in the “celebgate” investigation.
Mrozek would not release the names of the celebrities. But at the time, actress Jennifer Lawrence acknowledged that she was a victim of the hack.
Mrozek said prosecutors have linked Brannan to the hacking, but not to the leak of nude photographs in 2014.
Lawrence contacted authorities after naked photos of her began appearing online. Actress Mary Elizabeth Winstead also confirmed that nude photos of her were posted online.
Under a plea agreement, Brannan’s lawyer and prosecutors will recommend a prison sentence of nearly three years. A hearing is scheduled Monday in Richmond.
A statement of facts filed with Brannan’s plea agreement says that between August 2013 and October 2014, in Los Angeles County, Virginia and elsewhere, Brannan hacked into internet and email accounts, including Apple iCloud, Yahoo! and Facebook. He was then able to obtain iCloud backups, photographs and other private information belonging to the victims.
The statement said Brannan would gain access to accounts by researching the social media accounts of victims to learn answers to their security questions to access their email accounts.
Brannan also admitted using fraudulent email addresses designed to look like Apple Inc. security accounts. The emails would ask the victims to provide their usernames and passwords to their internet accounts.
Because the emails appeared to be from Apple, the victims would provide the information. Brannan would then use it to access the victims’ email accounts, where he obtained personal information, such as “sensitive and private photographs and videos.”
Court documents do not include the names of the victims. A spokesman for prosecutors said the victims’ names will not be released.
Brannan could not immediately be reached for comment. His lawyer, Abraham Del Rio III, did not respond to requests for comment.
Joshua Stueve, a spokesman for U.S. Attorney G. Zachary Terwilliger, said prosecutors will not release the names of the victims to protect their privacy.
Chris Whitley, a spokesman for Hanover County Public Schools, said Brannan worked at Lee-Davis High School in Mechanicsville, just outside Richmond, from August 2013 to June 2015.
Whitley told the Richmond Times-Dispatch that Brannan was immediately put on administrative leave in January 2015 after school officials were notified by the FBI of an investigation. He said school officials were not given details about the nature of the investigation.
Court documents say Brannan has also admitted hacking or trying to hack accounts of current and former teachers and students at the high school.

More from Associated Press
- Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
- Biden Picks New NSA Head, Key to Support of Ukraine, Defense of US Elections
- White House Unveils New Efforts to Guide Federal Research of AI
- Meta Fined Record $1.3 Billion and Ordered to Stop Sending European User Data to US
- China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States
Latest News
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
- KeePass Update Patches Vulnerability Exposing Master Password
