DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

“Lifelock” pleads guilty to hacking and fraud charges

Posted on March 19, 2024 by Dissent

Earlier today, Robert A. Purbeck of Idaho, aka “Lifelock” and “Studmaster,” pleaded guilty in an Atlanta federal courtroom to two counts of an 11-count indictment filed against him in 2021. The two counts charged violation of Title 18, United States Code/ Sections 1030(a)(2)(C)/ 1030(c)(2)(B)(i) and 1030(c)(2)(B)(iii) and Section 2, more commonly known as the Computer Fraud and Abuse Act (CFAA).

DataBreaches summarized some background on Purbeck’s case earlier this month and has reported on him since 2017 when he first contacted this site about two of his hacks and extortion attempts involving entities in the medical sector. The indictment in the Northern District of Georgia was not for those two attacks, however, but it was his voluntary disclosures about those attacks and this site’s reporting on him that caught law enforcement’s attention. In 2019, they obtained and executed a search warrant at his home, and in 2021, he was indicted for three other attacks: the Family Medical Center in Georgia, Newnan City in Georgia, and what had previously been described as an orthodontist in Wellington, Florida.

What Can He Be Sentenced To?

In pleading guilty to Counts 1 and 2 of the indictment,  Purbeck faces the following sentencing guidelines for each of the two counts:

  • Maximum term of imprisonment: 5 years.
  • Mandatory minimum term of imprisonment: None.
  • Term of supervised release: 0 to 3 years
  • Maximum fine: $250,000.00, due and payable immediately.
  • Full restitution, due and payable immediately, to all victims of the offense(s) and relevant conduct.
  • Mandatory special assessment: $100.00, due and payable immediately.
  • Forfeiture of any personal property that was used or intended to be used to commit or to facilitate the commission of the offense; and any property, real or personal, constituting or derived from, any proceeds obtained, directly or indirectly, as a result of the offense.

Both the prosecution and the defense will provide their recommendations on enhancing or reducing the sentence.  It will be up to the judge to make the final determination on sentencing, but the prosecution has agreed to recommend that Purbeck be sentenced to no more than 70 months in prison to be followed by a term of supervised release.

Restitution

Purbeck has agreed to pay $1,048,702.98 in restitution to victims.  As the plea agreement reveals, the review of devices seized from his home uncovered  personally identifiable information for at least 132,725 individuals, “obtained through numerous data breaches, including Family Medical Center and the City of Newnan, as well as at least 17 other victims throughout the United States.”

Three of those 17 other victims were the incidents Purbeck had told DataBreaches about:  Andrea Yaley, DDS, and  Holland Eye Surgery & Laser Center in Michigan, and the Mayor of Holland, Nancy DeBoer.

The amount of restitution to be paid to each victim will be determined at or before sentencing, but Purbeck has agreed to pay restitution to the following victims:

  • Andrea Yaley, DDS — $92,095.00
  • City of Newnan — $113,935.00
  • Nancy DeBoer — $400.00
  • Family Medical Center — $138,500.00
  • Golden Heart Administrative Professionals — $142,568.85
  • Holland Eye Care — $130,174.00
  • Simon Orthodontics — $285,980.13
  • Ursa Farmers Co-Op — $ 145,050.00Total:  $ 1,048,702.98

Ironically, it seems Holland Eye Surgery & Laser Center will receive restitution for its expenses, but has yet to experience any significant consequences for its willful failure to notify HHS and patients of the breach in 2016 when it occurred and when they first discovered it.  DataBreaches is still waiting for HHS OCR to respond to a request for an update on the watchdog complaint filed about the entity’s non-disclosure of a reportable breach.

Other Provisions

Because Purbeck has sued a number of law enforcement and government employees alleging civil rights violations and other violations, DataBreaches took particular note of a  FOIA/Privacy Act Waiver included in the agreement:

The Defendant hereby waives all rights, whether asserted directly or by a representative, to request or receive from any department or agency of the United States any records pertaining to the investigation or prosecution of this case, including, without limitation, any records that may be sought under the Freedom of Information Act, Title 5, United States Code, Section 552, or the Privacy Act of 1974, Title 5, United States Code, Section 552a.

In another provision, Purbeck also agreed “to hold the United States of America, its agents and employees, harmless from any claims whatsoever in connection with the seizure, abandonment, disposition, and destruction of the listed property.”

It is not clear to DataBreaches whether this means that his lawsuit in Idaho (Purbeck v. Wilkinson et al.) will be dropped. DataBreaches has contacted defense counsel for the FBI agents named as defendants to inquire what these provisions might mean for that case, and will update this post if he replies.

Purbeck’s sentencing is scheduled for June 18, 2024  at 10:30 AM in Newnan Division of U.S. District Court for the Northern District of Georgia.

Related posts:

  • Idaho man who hacked medical entities and made vile threats sentenced to 10 years in prison (1)
  • Update: U.S. v. Robert Purbeck aka “Lifelock”
  • Idaho man charged with hacking into the computers of the City of Newnan and metro-Atlanta medical clinics
  • BUSTED? A blackhat’s revenge exposes a 2-year old patient data hack that Holland Eye Surgery & Laser Center failed to disclose
Category: BlogHackHealth DataOf NoteU.S.

Post navigation

← The 2024 Breach Barometer reports a staggering 171 million patient records breached. And that’s just the ones we know about.
Another plastic surgery group has fallen victim to a ransomware attack – Long Island Plastic Surgical Group/NYSPG (2) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.