A 45-year-old Romanian citizen pleaded guilty Thursday to selling stolen personal login credentials that provided access to Oregon’s emergency management computer network.
Catalin Dragomir admitted that in 2021 he sold access to the Oregon Department of Emergency Management’s network after one of the department’s computers was breached. He offered the access credentials for sale on the dark web.
Dragomir, 45, of Constanta, Romania, pleaded guilty to obtaining information from a protected computer and aggravated identity theft.
Dragomir advertised “admin access” to a network that included three servers and 50 computers connected to the state’s emergency management department, according to federal prosecutors.
He negotiated a $3,000 Bitcoin sale and provided a buyer with screenshots of a state employee’s personal information, including the employee’s name, date of birth, Social Security number and email address. The sale took place on June 16, 2021.
The sale of personal logins could allow unauthorized users to install ransomware or commit cyberattacks.
As part of his plea agreement, Dragomir also admitted that he sold login credentials to computer networks of at least 10 other U.S.-based victims, causing losses of at least $250,000, according to court records.
He was arrested in Romania in November 2024 and extradited to the United States in January 2025. He is scheduled to be sentenced on May 26 before U.S. District Judge Michael H. Simon.