Skip to main content
Emerging ThreatsData Breaches

Romanian Hacker Sentenced for Breaching Oregon Govt Network

Courthouse interior with judge's bench and computer in foreground.

Fifty-six months: that is the prison term a U.S. court imposed this week on a Romanian national who admitted to breaking into an Oregon state emergency-management network and selling access — and sensitive personal data — to buyers in the United States.

Catalin Dragomir, the charges, and the sentence

Forty-six-year-old Catalin Dragomir of Constanta, Romania, who used the online handle "inthematrixl," pleaded guilty on February 19 to one count of aggravated identity theft and one count of obtaining information from a protected computer. This week a federal court sentenced him to 56 months in prison. The statutory scheme underpinning the sentence includes a maximum five-year term for the computer-intrusion conviction followed by a mandatory consecutive two-year term for the identity-theft conviction. In addition to incarceration, the court ordered a fine of $250,000, three years of supervised release, and the forfeiture of approximately 23 Monero (XMR) — a cryptocurrency — valued at roughly $8,500.

The Oregon intrusion and sale of personally identifiable information

According to court filings, Dragomir gained unauthorized access in June 2021 to a computer on the network of the Oregon Department of Emergency Management (identified in filings by its then-name, the Oregon Office of Emergency Management). Prosecutors say Dragomir sold that access to a prospective buyer and supplied samples of personally identifiable information taken from the compromised device. The samples allegedly included names, email addresses, dates of birth, and passport numbers.

Broader U.S. impact: multiple victims and quantifiable losses

Prosecutors say the Oregon breach was not an isolated act. Dragomir reportedly sold access to networks belonging to nearly a dozen other victims across the United States. Those sales, prosecutors contend, produced total losses of at least $250,000. The case record ties the defendant’s activity not only to a single state agency but to a chain of intrusions and transactions that resulted in concrete financial harm to multiple U.S. victims.

International cooperation: arrest in Romania and extradition

Dragomir was arrested in Romania in November 2024 after coordination among the U.S. Justice Department’s Office of International Affairs and multiple Romanian legal authorities, including the Romanian Ministry of Justice, the Directorate for International Law and Judicial Cooperation, and the Romanian Judiciary. He was extradited to the United States in January 2025. The investigation itself was led by the FBI’s Portland Field Office and prosecuted by the Justice Department’s Computer Crime and Intellectual Property Section (CCIPS).

What this means for state agencies, security teams, and prosecutors

  • For state agencies and affected enterprises: the case underlines that access to a single device on a state network can translate into exposure of high-value PII — here, including passport numbers — and can be monetized by sellers to produce measurable financial loss. Agencies operating emergency-management systems and similar networks will watch this outcome for how courts treat theft of identity data and resulting penalties.
  • For technologists and security teams: prosecutors’ allegations that access was sold and samples of PII were provided to buyers highlights a specific criminal business model — compromise, extraction of identifying data, and sale of both access and samples to establish credibility. Detection and incident response playbooks that assume single-victim consequences may need to account for subsequent resale and downstream misuse.
  • For prosecutors and international legal partners: the November 2024 arrest in Romania and January 2025 extradition demonstrate operational coordination across borders — from the DOJ’s Office of International Affairs to Romanian judicial authorities — that enabled the defendant’s transfer to the United States for prosecution.

Context inside the Justice Department's cyber enforcement work

The CCIPS prosecution in this matter is one of many recent judicial outcomes the Justice Department has cited in public statements: since 2020, the Computer Crime and Intellectual Property Section has secured court orders to return over $350 million in victim funds following convictions against more than 180 cybercriminals and intellectual-property criminals. In a separate announcement this week, the department also publicized the sentencing of a Canadian man to 33 years in prison after admitting to an eight-year sextortion scheme that targeted over 145 children across the United States.

The court’s sentence in the Dragomir case ties prison time, a large fine, supervised release, and forfeiture of cryptocurrency to both the technical intrusion and the identity-theft elements prosecutors alleged. For state entities that manage sensitive PII — and for the international partners that assist when suspects are abroad — the outcome registers as a concrete example of how transnational investigations can lead to domestic prosecution and tangible remedies.

Source: BleepingComputer report on the case