A 46-year-old Romanian national found guilty of hacking into an Oregon state government office and other cyberattacks was sentenced on Tuesday to 56 months in prison.

Catalin Dragomir pleaded guilty to one count of aggravated identity theft and one count of obtaining information from a protected computer in February.

The sentencing is a big win for prosecutors, who have rarely nabbed hackers accused of breaching municipal government offices.

Dragomir was arrested in Romania in November 2024 and brought to the U.S. last year to face charges for hacking into the network belonging to Oregon’s Office of Emergency Management. He had faced up to seven years in prison.

Using the name “inthematrixl” online, Dragomir typically relied on the dark web to peddle access to networks and services, prosecutors said.

In June 2021, he allegedly placed an ad on a cybercriminal platform for administrative credentials hackers could use to break into the emergency management office. 

Dragomir succeeded in selling the credentials after breaching the network on several occasions, sending sample screenshots of the system and sharing login credentials belonging to an employee in the office. 

The data he shared included the employee’s name, email address, date of birth and Social Security number, according to prosecutors.

In addition to the Oregon hack, Dragomir also broke into systems belonging to 10 other American companies, costing the firms at least $250,000.