Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Man Gets 7 years In Prison For Hacking 65K Health Care Employees

Man Gets 7 years In Prison For Hacking 65K Health Care Employees

Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seven years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC).

After breaching UPMC’s human resources databases, Johnson stole the Personally Identifiable Information (PII) and W-2 info (including names, Social Security numbers, addresses and salary information) of more than 65,000 employees and sold it on the dark web.

UPMC is Pennsylvania’s largest healthcare provider with over 90,000 employees working in 40 hospitals and 700 doctors’ offices and outpatient sites.

Also Read: Revised Technology Risk Management Guidelines of Singapore

In 2020, Johnson was charged in a forty-three count indictment with conspiracy, wire fraud, and aggravated identity theft. One year later, he pleaded guilty to stealing and selling the PII and W2 info of tens of thousands of UPMC employees.

“Justin Johnson stole the names, Social Security numbers, addresses and salary information of tens of thousands of UPMC employees, then sold that personal information on the dark web so that other criminals could further exploit his victims,” said Acting U.S. Attorney Kaufman on Monday.

“Today’s sentence sends a deterrent message that hacking has serious consequences.”

AlphaBay Market ad
AlphaBay Market ad

Massive campaign of further scams and theft

Johnson breached UPMC’s network in early December 2013 after hacking the health care provider’s Oracle PeopleSoft human resource management system.

The same day, he gained access to the PII of roughly 23,500 UPMC employees after running a test query on the compromised HR database.

Between January 21 and February 14, 2014, he continued querying the database multiple times per day to steal the PII of tens of thousands of UPMC employees.

Also Read: September 2021 PDPC Incidents and Undertaking: Lessons from the Cases

In 2014 alone, the stolen UPMC employee PII sold by Johnson on the dark web was used by fraudsters to file hundreds of false 1040 tax returns and claim approximately $1.7 million in false tax refunds which were converted into gift cards.

Evolution dark web marketplace ad
Evolution dark web marketplace ad

In all, between 2014 and 2017, Johnson stole and sold almost 90,000 additional (non-UPMC) sets of PII data to his dark web clients, who likely used it for identity theft and bank fraud.

“The actions of criminals like Justin Johnson can have long-lasting and devastating effects on the lives of innocent people,” added Yury Kruty, Acting Special Agent in Charge of IRS-Criminal Investigation.

“Johnson carried out his intricate scheme with no regard for his victims. Today’s sentencing will hopefully be a deterrent to other potential crooks who may be considering carrying out similar conduct.”



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us