Fraudster admits she was OPM dealer: Leaked US govt staff files used to bag cash, car loans
Woman cops to using stolen records to open bank accounts
A woman has fessed up to using people's personal information, leaked online from the US government's Office of Personnel Management mega-hack, to take out loans and open bank accounts.
Karvia Cross, 39, of Bowie, Maryland, USA, pleaded guilty on Monday in the eastern district of Virginia to one count of identity theft and conspiracy to commit bank fraud. She faces anywhere from two to 30 years when sentenced this Fall.
Cross admitted to working with other fraudsters – five more people were charged in the case and one person beside Cross has already pleaded guilty – to use the names, dates of birth, and social security numbers of strangers to apply for and receive loans from the Langley Federal Credit Union in Virginia.
In this case, prosecutors said, those details were taken from the massive cache of data leaked online following the 2015 database security breach of Uncle Sam's OPM. That network intrusion was thought to have affected more than 21 million people. How exactly she obtained the data is not entirely clear.
US OPM boss quits after hackers stole chapter and verse on 21.5m Americans' livesREAD MORE
Shortly after word of the hack surfaced, Cross and other defendants began using the information to create new bank accounts with the credit union and apply for personal and automotive loans, prosecutors said. According to legal documents, the bogus loan scam continued into "at least" 2016.
"LFCU disbursed loan proceeds via checks and transfers into the checking and savings accounts opened through these fraudulent applications," the Department of Justice officials explained.
"Vehicle loan proceeds were disbursed by checks made payable to individuals posing as vehicle sellers, while personal loan proceeds were disbursed to LFCU accounts opened in connection with the fraudulent loan applications and transferred to accounts of others. Cross and others then accessed and withdrew the fraudulently obtained loan proceeds."
The case shows just how long data leaks can linger for the companies and governments who fall victim. In this case, we are more than three years on from the OPM's disclosure of the infiltration and extraction, with legal proceedings related to the case continuing at least into the Fall. ®
Sponsored: Becoming a Pragmatic Security Leader