Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Hacker Caught Stealing Personal Data of 132,000 Individuals Pleads Guilty

Idaho man pleads guilty to hacking charges over cyberattacks he conducted in 2017 and 2018, which involved data theft and extortion.

A man from Meridian, Idaho, has pleaded guilty to hacking-related charges after investigators found evidence that he had targeted more than a dozen entities in cyberattacks that involved data theft and extortion. 

According to the Justice Department, 44-year-old Robert Purbeck, aka Lifelock and Studmaster, conducted one attack in 2017, when he used credentials acquired from a dark web marketplace to access the systems of a medical clinic in Georgia. 

After gaining access to the company’s systems, he obtained medical records and other documents containing the personal information of roughly 43,000 people, including social security numbers.

A few months later, in 2018, he acquired compromised credentials that gave him access to a server used by the police department of the City of Newnan in Georgia. He used the access to steal police reports and documents containing the personal information of 14,000 individuals.

Investigators tracked him down and executed a search warrant at Purbeck’s home in August 2019. The search revealed that he had been in possession of 132,000 personal data records obtained from the City of Newnan, the medical clinic, and at least 17 other victims located in the United States. 

Purbeck, who has pleaded guilty to computer fraud and abuse charges, will be sentenced on June 18. As part of his plea agreement, he has agreed to pay over $1 million in restitution to the entities he targeted. 

Authorities mentioned that the man had attempted to extort some of his victims. 

Back in 2018, a hacker using the online moniker Lifelock had told DataBreaches.net that he had hacked into the systems of an eye surgery center in Michigan, which at the time told the Department of Health that the details of 42,200 patients had been compromised in a data breach.

Advertisement. Scroll to continue reading.

Lifelock said at the time that he had requested a $10,000 ‘security fee’ from the company for helping it secure patient data. He also claimed to have sold some of the stolen data on the dark web when the firm refused to pay up.

Related: US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea

Related: Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison

Related: Moldovan Operator of Credential Marketplace Sentenced to US Prison

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Bill Dunnion has joined telecommunications giant Mitel as Chief Information Security Officer.

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

More People On The Move

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.