Catalin Dragomir, a Romanian hacker, gained unauthorized access to a computer within the Oregon Department of Emergency Management's network in June 2021. He sold access to this network and others belonging to nearly a dozen U.S. victims, providing buyers with samples of personally identifiable information such as names, email addresses, dates of birth, and passport numbers. Dragomir pleaded guilty to aggravated identity theft and obtaining information from a protected computer, resulting in a federal prison sentence and forfeiture of cryptocurrency. The incident led to financial losses of at least $250,000. The case was investigated by the FBI and prosecuted by the U.S. Justice Department, with international cooperation facilitating Dragomir's arrest and extradition.

The unauthorized access and subsequent sale of network access and personally identifiable information led to financial losses of at least $250,000. Victims included the Oregon Department of Emergency Management and nearly a dozen other U.S. entities. The compromise exposed sensitive personal data, including names, email addresses, dates of birth, and passport numbers, potentially increasing risks of identity theft and fraud for affected individuals. The case resulted in criminal prosecution and incarceration of the perpetrator.

The source content does not provide specific technical details about the exploited vulnerability or remediation steps. Since this is a criminal case involving unauthorized access, organizations should ensure robust access controls, monitor for unauthorized access, and protect personally identifiable information. No patch or official fix is mentioned. Patch status is not yet confirmed — check the vendor advisory or affected organizations for current remediation guidance.