HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Romanian Hacker Sentenced to 5 Years for Breaching Oregon Emergency Management Network and Selling Access to U.S. Victims

Catalin Dragomir, a Romanian cybercriminal, was sentenced to 56 months after infiltrating the Oregon Department of Emergency Management’s network, stealing PII, and selling the access to at least a dozen U.S. entities. The case highlights the cascading risk of third‑party compromise for government and its suppliers.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 bleepingcomputer.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
bleepingcomputer.com

Romanian Hacker Sentenced to 5 Years for Breaching Oregon Emergency Management Network and Selling Access to U.S. Victims

What Happened — Catalin Dragomir, a 46‑year‑old Romanian, pleaded guilty to aggravated identity theft and unauthorized access after infiltrating the Oregon Department of Emergency Management’s network in June 2021. He sold the compromised foothold and harvested personally identifiable information (names, email addresses, dates of birth, passport numbers) to at least a dozen U.S. buyers, causing losses of > $250 k.

Why It Matters for TPRM

  • Attackers can monetize a single breach by reselling network access, expanding the impact far beyond the original victim.
  • State‑level systems often integrate third‑party services; a compromise can cascade to those suppliers.
  • Persistent credential abuse underscores the need for continuous privileged‑access monitoring and rapid revocation.

Who Is Affected — State and local government agencies, any third‑party vendors or SaaS providers that connect to the Oregon Emergency Management network, and the downstream organizations that purchased the stolen access.

Recommended Actions — Review contracts and security controls with the Oregon Department of Emergency Management and any linked vendors; enforce MFA and least‑privilege for privileged accounts; implement continuous monitoring and threat‑intel feeds for known actor “inthematrixl”; conduct forensic scans on shared infrastructure to confirm no lingering backdoors.

Technical Notes — The exact intrusion method was not disclosed, but the pattern suggests credential theft or exploitation of unpatched services. No specific CVE was cited. Exfiltrated data included PII such as names, emails, DOBs, and passport numbers. Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/romanian-gets-5-years-in-prison-for-hacking-oregon-govt-network/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

A privacy incident is a question about your consent record.

CookiePLUS and Verisq AI Trust Operations keep consent, DSAR, and data-handling evidence continuously ready — so a data-exposure event finds you prepared, not scrambling.

See how Verisq AI Trust Operations handles privacy →