A Maryland man has been indicted on federal charges of unauthorized computer access and aggravated identity theft related to a scheme involving a Maryland medical system, according to a May 1 announcement by U.S. Attorney Kelly O. Hayes.
Matthew Bathula, age 41, of Clarksville, is accused of accessing protected computers without authorization while working as a pharmacy clinical specialist for Company A, which is located in the District of Maryland. The indictment includes two counts of unauthorized access to a protected computer and one count of aggravated identity theft.
Hayes said, “Bathula’s alleged actions are a reprehensible invasion of privacy. He betrayed the trust of his employer and co-workers, as he gained access into the private worlds of nearly 200 victims without their knowledge or consent. We, along with our law-enforcement partners, are committed to holding individuals accountable who commit cybersecurity crimes, thereby harming unsuspecting people.”
Special Agent in Charge Jimmy Paul from the FBI Baltimore Field Office said: “Matthew Bathula is accused of weaponizing technology to spy on hundreds of unsuspecting victims for eight years. I am proud of the swift and thorough response by FBI Baltimore’s team of investigators who handled this case with urgency, care, and sensitivity. They worked diligently to identify and notify each of the 195 victims, who are located around the country, in just four months. The FBI will always investigate, pursue, and hold accountable those who hide behind screens and keyboards to exploit and violate the privacy of others.”
According to court documents cited in the indictment, between July 2016 and September 2024 Bathula allegedly accessed Company A's computers using various cyber intrusion techniques such as keylogging software and mailbox-rule creation that allowed him continued access to sensitive information including usernames, passwords, images and videos belonging to nearly 200 victims affiliated with Company A. He also reportedly installed spyware that enabled video surveillance inside Company A facilities.
If convicted on all counts Bathula faces up to ten years in prison for unauthorized computer access relating to Company A systems; five years for unauthorized access concerning individual victims; plus two additional years if found guilty on aggravated identity theft charges—these sentences must run consecutively by statute.
The U.S. Attorney for the District of Maryland employs over 200 personnel across its civil criminal and administrative divisions according to its official website. The office serves nearly six million residents across Maryland according to its official website while prosecuting federal crimes handling civil cases for the government collecting debts owed—and partnering with law enforcement agencies since its origins dating back more than two centuries according to its official website.
Hayes commended both FBI investigators involved in this case as well as Assistant U.S. Attorney Thomas M. Sullivan who is prosecuting it.
