Menu
Browse

Cyber Threat Actor: Colbi Trent Defiore

Actor Type Location Known Incidents
 Icon
Criminal
United States of America
1 incident
Profile

Colbi Trent Defiore,also known by the alias Colbi Trent Defiore, is an individual who resided in Carriere, Mississippi at the time of the offending conduct and was employed as a seasonal worker for a technology company that operated contact centers supporting the Centers for Medicare & Medicaid Services in Bogalusa, Louisiana. The actor’s known identity is tied to a single alias used in legal documents and media reporting, with no additional aliases publicly disclosed. Defiore’s role provided legitimate access to systems handling personally identifiable information from Healthcare.gov users, which was later exploited for personal financial gain.

The actor’s targeting was confined to the United States healthcare sector, specifically the Healthcare.gov platform administered by the Centers for Medicare & Medicaid Services, and the geographic scope of the activity spanned Louisiana where the work was performed and Mississippi where the actor resided. The strategic objective demonstrated in the incident was financial profit, as Defiore used the stolen personal data to fraudulently apply for credit cards, loans, and lines of credit for personal benefit, resulting in losses exceeding $500,000 for the affected organizations. No evidence indicates objectives related to espionage, disruption, or state‑sponsored motives in the publicly available reporting.

Notable tactics, techniques, and procedures observed in the case involved insider abuse of legitimate credentials rather than external intrusion; Defiore conducted unauthorized bulk searches of the Healthcare.gov database, copied the results to a clipboard, emailed them to a work account, and later retrieved the data via remote, unauthorized access to that work email. No malware families, custom tooling, or exploit kits were referenced in the reporting, and the initial access vector was solely the actor’s privileged position as an employee. Attribution to any state nexus, criminal consortium, or larger threat group has not been established publicly, and the incident is treated as a solitary insider threat. The publicly reported operation representing Defiore’s activity is the November 2018 Healthcare.gov data theft that led to federal charges, a 42‑month prison sentence, three years of supervised release, and a $100 special assessment fee.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source