The Man behind the UPMC Data Breach - More than meets the eye


In 2014 a hack reportedly left 65,000 people vulnerable by exposing a lot of their information. After the breach, all the information was sold on the dark-net to different buyers around the world. Behind it is a Michigan resident who just pleaded guilty to 2 of the 43 charges laid against him. The charges are for breaching a database belonging to the University of Pittsburgh Medical Center (UPMC).

The Charges

Following the developments in court, Justin Sean Johnson is set for sentencing in the US. The 30-year-old defendant is expected to be judged by District Chief Judge Mark Hornak within four months. At this time, the threat actor is being held at the Butler County Prison. That is where he appeared for his last hearing on video.

Speculators suggest that Johnson is facing a possible maximum prison sentence of 7 years. This sentence is not too harsh considering he pleaded guilty to only two of the forty-three counts against him.

Johnson pleaded guilty to aggravated identity theft and one count of conspiracy. This comes despite admitting to all the accusations of conduct that were attached to an indictment. The indictment memorandum was prepared by the U.S. District Court for the Western District of Pennsylvania.

The hacking of UPMC

Specific charges were raised by the prosecutors against the defendant. Those charges were anchored to the accusation that the suspect stole personal data from UPMC. This includes names, Social Security numbers, residential addresses, employment data and more.

Johnson then went on to use the online moniker “The Dearth Star” and later “Dearthy Star” to distribute the data. All the stolen data was sold to different dark-net buyers across various countries. This personally identifiable information was later used to conduct countless scamming campaigns.

According to the court, the defendant left thousands of people at risk. To be more precise, 65,000 people were left open to years of potential fraud. Typically such data is purchased by cyber-criminals and used to orchestrate phishing campaigns. The IRS, part of the prosecution, also had some comments to make. It was mentioned that the IRS had a host of false tax returns filed back in 2013.

A 2020 press release published by the Department of Justice (DoJ) revealed a lot of information. It was claimed that the defendant tried filing tax return claims for hundreds of thousands of dollars. These were then turned into Amazon gift cards and used to purchase items that were sent to Venezuela.

Investigation uncovers more than expected

Apart from the UPMC data that was stolen in the breach, investigators made an interesting discovery. When going through the computers confiscated during Johnson's arrest in 2020, more was uncovered. An additional 89,310 victims of identity theft were found.

Authorities claim that the massive amount of data belongs to a host of medical centers and educational institutes. Among the institutes that had data breached were Butler University and Daytona State College.

Additionally, U.S. law enforcement found the communication channels used by the actor. This yielded a lot of information on the defendant. It was also reported that Johnson was using the chats to share tax advice with other criminals. He also used the channel to share his extensive experience with the PeopleSoft software. This was the software used by UPMC.

More evidence recovered from his computers revealed some more clues. Johnson's computer reportedly revealed more than 1,000 Google searches related to the term PeopleSoft. It is believed that the keen interest and experience in that software is what allowed him to compromise UPMC. Furthermore, Johnson was paranoid about what was to come. Investigators found multiple Google searches related to his charges. This included the charges found in the federal court database and national criminal warrants.


This case is not a surprise to anyone. Cybercrime has been skyrocketing in recent years, partly thanks to dark-net growth. As investigators are still uncovering details, more information on the case is expected to surface. It is fairly certain that more information will be revealed and that Johnson was involved in more than just the UPMC breach.