Hacker gets 10 years in prison for extorting US healthcare provider
by Bill Toulas · BleepingComputerRobert Purbeck, a 45-year-old man from Idaho, has been sentenced to ten years in prison for hacking at least 19 organizations in the United States, stealing the personal data of more than 132,000 people, and multiple extortion attempts.
As showcased in the indictment, prosecutors linked multiple data theft and blackmail incidents to Purbeck (also known online as "Lifelock" and "Studmaster").
In 2017, he bought network access to a computer server of a medical clinic in Georgia on a darknet marketplace. He then leveraged this access to steal the personally identifiable information (PII) of 43,000 individuals, including their names, addresses, and social security numbers.
In February 2018, Purbeck bought access to a Georgia-based police department server, which enabled him to steal reports, documents, and PII of 14,000 people after hacking into the City of Newnan's systems.
Months later, in July 2018, the man demanded a ransom from a Florida orthodontist for not leaking his patients' stolen files. Purbeck continued harassing him and his patients for more than 10 days with many emails and text messages, threatening to sell their personal and health data unless the ransom was paid.
"Purbeck also identified the names and social security numbers of [his] minor children and threatened to disclose and sell their personal information as well," the indictment further reveals.
While raiding his home in August 2019, the FBI found the data of more than 132,000 people on seized devices, likely stolen in multiple data breaches over the years.
"On Aug. 21, 2019, the FBI executed a federal search warrant at Purbeck's home in Meridian," the U.S. Justice Department said in a Wednesday press release.
"During the search, the FBI seized multiple computers and electronic devices, which contained personal information of over 132,000 individuals, obtained through Purbeck's numerous data breaches."
In March, the man pleaded guilty to two counts of intentionally accessing and obtaining information from a protected computer without authorization and was sentenced to ten years in prison.
In addition to the main sentence, Purbeck will serve three years of supervised release and pay his victims over $1,048,700 in restitution.