Industry - Data Breach
Executive Summary
A Romanian national was sentenced to 56 months in federal prison for hacking into Oregon's Department of Emergency Management network in 2021 and selling access to buyers, along with stolen personal data including names, email addresses, birth dates, and passport numbers of individuals in the system. He also sold access to nearly a dozen other U.S. victims' networks, resulting in at least $250,000 in total losses. The case highlights ongoing risks to government systems and the trafficking of ...
What Happened
In June 2021, a Romanian national named Catalin Dragomir hacked into the Oregon Department of Emergency Management's computer network and sold unauthorized access to a buyer. During the transaction, he provided samples of stolen personally identifiable information including names, email addresses, birth dates, and passport numbers of individuals whose data was stored in the system. Dragomir also sold access to nearly a dozen other U.S. victim networks, causing at least $250,000 in total losses, and was sentenced to 56 months in federal prison in May 2026 after being extradited from Romania.
Who Is Affected
Individuals whose personal information was stored in the Oregon Department of Emergency Management's system had their names, email addresses, dates of birth, and passport numbers exposed and sold. Nearly a dozen other organizations across the United States were also compromised, though specific details about those victims and the individuals affected are not provided in the source material.
Why It Matters
This case demonstrates the persistent vulnerability of government computer systems to unauthorized access and the active market for selling such access to criminal buyers. The breach exposed sensitive government-held data including passport numbers, and the trafficking of network access across multiple victims highlights how a single attacker can compromise numerous organizations. The multi-year gap between the 2021 breach and the 2026 sentencing also illustrates the lengthy timeline often required for international cybercrime prosecution.
What You Should Do
If you believe your information may have been stored in Oregon's emergency management systems around 2021, contact the Oregon Department of Emergency Management to determine if you were affected and what specific data may have been compromised. Monitor your financial accounts and credit reports for suspicious activity, particularly if your passport number was potentially exposed. Consider placing a fraud alert or credit freeze with the major credit bureaus to prevent identity thieves from opening accounts in your name.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources
- Romanian National Sentenced for Selling Access to Networks of Oregon State Government Office
- Romanian gets 5 years in prison for hacking Oregon govt network
- Carnival confirms data breach impacting nearly 6 million - Malwarebytes
- Cruise giant Carnival confirms data breach affecting nearly 6 million people - The Record from Recorded Future News
- Canadian man gets 33 years for using social media to coerce US children into sending sexual content