Addiction Treatment Center Employee Accused Of Selling Patients’ Data On Dark Web
Read also: Interpol and partners take down 20K+ malicious IP addresses linked to info-stealers, a Nigerian behind hacks of American tax preparation firms gets over 5 years, and more.
Addiction treatment center employee accused of selling patients’ data on Dark Web
Authorities in Hilliard, Ohio, are investigating a major fraud and identity theft case involving a former employee of a local addiction treatment center. The individual allegedly stole sensitive patient data, including names, birthdates, addresses, and Social Security numbers. He is accused of selling the information on the Dark Web; cybercriminals then used it to commit fraud, including purchasing vehicles, running up credit card bills, and buying cryptocurrency.
So far, police have identified 240 victims. The suspect also reportedly used fake IDs to purchase and resell electronics. The case came to light after an October 2024 traffic stop, during which police found fake IDs, prepaid cards, phones with criminal evidence, and a loaded gun. The man faces charges of identity fraud, forgery, and improper firearm handling.
In another interesting case, a South African cyber extortionist has been sentenced to a combined eight years’ imprisonment for cyber fraud and theft of data. According to authorities, Lucky Majangandile Erasmus, a former employee of a major African payment service provider, and his accomplice illegally installed a remote access tool on the company’s IT systems. They then contacted the company’s CEO, claiming that key components of the company’s IT systems had been breached, and demanded a ransom in exchange for not publishing confidential corporate data.
Also, Dutch police announced that they had identified 126 Dutch users of the Cracked.io cybercrime forum, which was dismantled at the end of January 2025. The police said that the average age of those involved is 20, with the youngest being just 11 years old. As part of the response, many users received personal letters or emails from the police last week, and around 20 ‘stop’ conversations were conducted. Criminal files for eight individuals have been prepared and forwarded to the Public Prosecution Service. Additionally, several Telegram and Discord accounts suspected of being used for trading victim data have been deleted.
20K+ malicious IP addresses and domains linked to info-stealers dismantled in Operation Secure
Over 20,000 malicious IP addresses and domains linked to information-stealing malware have been taken down as part of ‘Operation Secure’, a major coordinated initiative conducted by Interpol and law enforcement agencies from 26 countries.
The effort ran from January to April 2025, targeting cybercriminal infrastructure worldwide. Authorities took down 79% of identified suspicious IP addresses, seized 41 servers, collected over 100 GB of critical digital evidence, and arrested 32 individuals linked to cyber crimes.
In Vietnam, police apprehended 18 suspects, including the alleged mastermind behind a criminal network involved in selling fraudulent corporate accounts. Investigators seized digital devices, business documents, and more than VND 300 million (~$11,500) in cash. Police in Sri Lanka and Nauru arrested 14 individuals and identified at least 40 victims of cyber scams. In Hong Kong, police uncovered 117 command-and-control (C2) servers used in phishing campaigns, social media fraud, and other online scams.
In a separate effort, Asian law enforcement agencies carried out a month-long operation targeting scam centers and arrested over 1,800 individuals involved in various fraud schemes, including fake investments, romance scams, and impersonation frauds, to which victims lost an estimated $225 million. Authorities froze around 32,000 scam-related bank accounts and seized $20 million. In Singapore alone, 106 arrests were made, tied to $30 million in scams, with $8 million recovered. Charges range from hacking to ID theft.
Nigerian behind hacks of American tax preparation firms gets over 5 years in prison
A Nigerian national has been sentenced to more than five years in a US prison for his involvement in a large-scale hacking, fraud, and identity theft scheme that targeted American businesses and individuals.
According to court documents, since at least 2019, Kingsley Uchelue Utulu and other conspirators based in Nigeria had been launching spearphishing campaigns against tax preparation businesses across the United States. The hackers gained unauthorized access to sensitive client data and used the stolen information to file fraudulent tax returns and claims.
As part of the scheme, the perpetrators submitted false tax filings seeking at least $8.4 million in refunds, with the conspirators successfully obtaining approximately $2.5 million. Additionally, the group exploited the Small Business Administration’s Economic Injury Disaster Loan program, securing nearly $819,000 in fraudulent funds using stolen identities.
Utulu was arrested in the United Kingdom and extradited to the United States to face charges. In addition to his prison sentence, Utulu was ordered to pay over $3 million in restitution and forfeit over $290,000.
Kazakhstan detains over 140 in Telegram data leak crackdown
Kazakh authorities have arrested more than 140 individuals accused of illegally selling citizens’ personal data through Telegram channels in what officials describe as a major bust of a nationwide data trafficking network.
According to an official statement, the suspects include business owners and alleged administrators of Telegram channels that were used to distribute the stolen information, which was reportedly extracted from government databases.
Investigators say the compromised data was sold to various third parties, including debt collection agencies. Several of these agencies were also searched during coordinated raids across the country.
Authorities seized over 400 electronic devices, including computers and smartphones, believed to have been used in the illicit operation. Those detained face potential prison sentences of up to five years and fines if convicted.
Five plead guilty in a $36.9M laundering scheme linked to Cambodian cyber scams
Five men have pleaded guilty to laundering nearly $37 million obtained through investment scams run out of cyber scam centers in Cambodia. The defendants were part of an international crime syndicate that targeted US victims with fraudulent cryptocurrency investment schemes.
According to court documents, funds collected from victims were funneled through shell companies, international bank accounts, and cryptocurrency wallets in an elaborate laundering operation.
Two of the defendants, Joseph Wong and Yicheng Zhang, pleaded guilty to conspiracy to commit money laundering. Both face up to 20 years in prison. Zhang has remained in custody since May 2024. The other three, Jose Somarriba, Shengsheng He, and Jingliang Su, admitted to conspiracy to operate an unlicensed money services business. Each faces a maximum of five years in prison. Su has been in custody since November 2024, while He and Somarriba signed plea deals in March and are currently free on bond.
In an unrelated case, Gabriel Waters, a US citizen, has been sentenced to 57 months in a US prison, followed by five years of supervised release, for his involvement in a large-scale Business Email Compromise scheme that targeted companies across the United States. The man has also been ordered to pay over $547,000 in restitution.