Cyber Threat Actor: Nicole Milan
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
Nicole Milan, also known by the alias Nicole Milan, is a hacker based in the United States. She is identified as a habitual offender who collaborated with Gordon Welterlen in a cybercrime scheme. At the time of the offense both individuals resided in San Diego, California. Their prior criminal histories contributed to their classification as habitual offenders by the court. This background was referenced during sentencing proceedings after the breach was uncovered. No public information links her to any state‑sponsored group or larger criminal consortium. Her known activity is limited to the incidents described in publicly available reports.
On March 25, 2020, Nicole Milan and Gordon Welterlen hacked the computer network of Wolf & Associates Property Management in Santa Barbara County, California. The targeted sector is real estate property management, which maintains extensive personal data of its clients. The attackers exfiltrated personal information belonging to more than nine thousand individuals from the firm’s systems. Using the stolen data, they submitted over three hundred fraudulent unemployment claims to the state agency. The false claims yielded illicit proceeds exceeding two million dollars. The funds were used to purchase luxury vehicles, specifically a Mercedes and two Jaguars, to lease high‑end apartments, and to acquire narcotics. The breach was reported by Databreaches.net on April 3, 2020, detailing the extent of the theft and subsequent fraud.
Both perpetrators pleaded guilty to multiple felony charges related to the identity theft and fraud scheme. Their admissions included acknowledging the hacking of the Wolf & Associates network and the misuse of client data. As a result of the pleas, Nicole Milan and Gordon Welterlen received a combined prison sentence of thirty‑three years. The sentence reflects the severity of the financial harm caused to victims and the misuse of public unemployment funds. No specific malware families, exploit tools, or initial access vectors are described in the source material for this operation. Consequently, the threat actor’s technical profile is limited to the general act of network intrusion and data exfiltration. This case remains the sole publicly documented campaign attributed to Nicole Milan.
