A man from Meridian, Idaho, has pleaded guilty to hacking-related charges after investigators found evidence that he had targeted more than a dozen entities in cyberattacks that involved data theft and extortion.
According to the Justice Department, 44-year-old Robert Purbeck, aka Lifelock and Studmaster, conducted one attack in 2017, when he used credentials acquired from a dark web marketplace to access the systems of a medical clinic in Georgia.
After gaining access to the company’s systems, he obtained medical records and other documents containing the personal information of roughly 43,000 people, including social security numbers.
A few months later, in 2018, he acquired compromised credentials that gave him access to a server used by the police department of the City of Newnan in Georgia. He used the access to steal police reports and documents containing the personal information of 14,000 individuals.
Investigators tracked him down and executed a search warrant at Purbeck’s home in August 2019. The search revealed that he had been in possession of 132,000 personal data records obtained from the City of Newnan, the medical clinic, and at least 17 other victims located in the United States.
Purbeck, who has pleaded guilty to computer fraud and abuse charges, will be sentenced on June 18. As part of his plea agreement, he has agreed to pay over $1 million in restitution to the entities he targeted.
Authorities mentioned that the man had attempted to extort some of his victims.
Back in 2018, a hacker using the online moniker Lifelock had told DataBreaches.net that he had hacked into the systems of an eye surgery center in Michigan, which at the time told the Department of Health that the details of 42,200 patients had been compromised in a data breach.
Lifelock said at the time that he had requested a $10,000 ‘security fee’ from the company for helping it secure patient data. He also claimed to have sold some of the stolen data on the dark web when the firm refused to pay up.
Related: US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea
Related: Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison
Related: Moldovan Operator of Credential Marketplace Sentenced to US Prison