A Romanian man has admitted in federal court in Portland that he broke into a computer tied to an Oregon state government office, then turned that access into something he could sell online. His guilty plea in U.S. District Court covers one count of obtaining information from a protected computer and one count of aggravated identity theft, wrapping up a case that stretches back to a 2024 federal grand jury indictment and an international arrest and extradition late that same year.
Catalin Dragomir, 45, formerly of Constanta, Romania, entered his guilty plea on Wednesday to those two counts, according to KPTV. Prosecutors say Dragomir did not just slip into the Oregon-connected computer; he then sold that access to another person online and handed over samples of personal identifying information to prove he had control. The U.S. Attorney’s Office for the District of Oregon is leading the prosecution.
How Prosecutors Say The Breach Unfolded
According to court filings, the intrusion traces back to June 2021, when Dragomir allegedly gained unauthorized access to a machine connected to an Oregon state office and later sold that access to others, as reported by Replica Online. Romanian courts signed off on a U.S. extradition request in late 2024, and authorities there arrested him in November before he was transferred to the United States in January 2025. Foreign reporting says the extradition paperwork referenced additional money-laundering allegations tied to cryptocurrency movements as part of a broader investigation.
Penalties And Next Steps
Federal law treats Dragomir’s two counts very differently. The underlying computer-intrusion offense falls under the Computer Fraud and Abuse Act, which can carry a sentence of up to five years when certain harms are involved. The aggravated identity theft count is more rigid. It comes with a mandatory two-year prison term that must run consecutive to any other sentence, according to the U.S. Sentencing Commission. On top of prison time, federal law allows for fines and restitution, and the mandatory identity-theft penalty leaves the judge with limited discretion on that part of the sentence.
Restitution, Crypto And Sentence Date
As part of his plea deal, Dragomir agreed to forfeit cryptocurrency that investigators tied to the crimes and to pay full restitution to victims. Prosecutors say the intrusions caused at least $250,000 in losses. A federal grand jury in Portland indicted him in May 2024 on charges that included computer intrusion, money laundering and identity theft, and he was arrested overseas before being extradited to the United States, according to prosecutors. Sentencing is set for May 26, 2026, in U.S. District Court, according to KPTV.
