Skip to main content
Press Release

Former Shelby County Man Agrees to Plead Guilty to Illegally Accessing Women's Computers to Obtain Explicit Photographs

For Immediate Release
U.S. Attorney's Office, Northern District of Alabama

BIRMINGHAM – Federal prosecutors today charged a former Shelby County resident with illegally accessing e-mail and cloud storage accounts of at least 50 women to obtain personal data, including explicit photographs, announced acting U.S. Attorney Robert O. Posey and FBI Special Agent in Charge Roger C. Stanton.

In a one-count information filed in U.S. District Court, the U.S. Attorney’s Office charges KEVIN M. MALDONADO, 35, now living in North Carolina, with intentionally accessing the Gmail account of K.M., and the documents and images therein, without her permission in order to invade her privacy. Maldonado has agreed to plead guilty to the charge. Prosecutors filed a plea agreement, under seal, in conjunction with the charging document.

The information charges that Maldonado was able to get into the accounts of K.M. and the other women by obtaining their logins and passwords through a “phishing” attack, or by using open-source information or information obtained from the victims to determine their login and password information, or to answer security questions necessary to reset their login and password information. Maldonado knew some, but not all of the women victimized, according to the charges.

“Predators use the internet to target innocent victims,” Posey said. “We continue to work with our law enforcement partners to track and prosecute online criminals, but anyone who has an e-mail or other online account should protect themselves by protecting their login and password information. Don’t share it with friends or acquaintances or respond to unsolicited requests for that, or other personal information.”

“This case is a good reminder for all of us to maintain good computer security practices,” Stanton said. “Always be cautious of unsolicited telephone calls, e-mails and text messages, especially those asking you to supply account information. If you feel you have been a victim of a computer crime, please report it to the FBI’s Internet Crime Complaint center,”

Maldonado phished for some of the victims’ login and password information by creating fictitious e-mail addresses and posing as an administrator for an e-mail provider, according to the information. Using the fictitious e-mail addresses, he sent the victims e-mails telling them their accounts may have been compromised and requesting their passwords.

Once the defendant accessed the victims’ accounts, he downloaded their data, including personal identifying information and personal photographs and videos, including images of the victims nude, partially nude, or engaged in sexual activity, according to the information.

In at least one instance, Maldonado responded to an e-mail from a victim’s contact, posing as the victim, and requested explicit photographs, according to the information. Maldonado organized and catalogued, by victim, the information he obtained through unauthorized computer access and stored the information on an external hard drive, the information charges.

The maximum penalty for unauthorized computer access in furtherance of an invasion of privacy is five years in prison and a $250,000 fine.

The FBI investigated the case, which Assistant U.S. Attorney Erica Barnes is prosecuting.


Updated January 26, 2017