U.S. feds crack huge identity theft ring

U.S. federal investigators have uncovered a massive identity theft scheme that is thought to have spanned nearly three years and involved more than 30,000 victims.

Three men have been charged in relation to the bust, which so far has resulted in more than US$2.7 million in losses, according to a statement issued Monday by James Comey, U.S. attorney for the Southern District of New York. While the scam is believed to be the largest in U.S. history, one security specialist has said that technology is only partly to blame.

The U.S. Federal Bureau of Investigation (FBI) has arrested Philip Cummings, who is said to have started the scam while working at the help desk of Teledata Communications Inc. (TCI). The Bay Shore, N.Y., company provides banks and other entities with credit reports, combining information collected by credit rating agencies Equifax Inc., Experian Information Solutions Inc. and Trans Union LLC.

Beginning in 1999, Cummings had access to the passwords and codes used by TCI’s customers to access credit reports, authorities said. During that time, Cummings is alleged to have given passwords and codes to a co-conspirator and collected roughly US$30 for every credit report obtained using the stolen codes.

One man, Linus Baptiste, has been charged with wire fraud in relation to the case. A second man arrested, Hakeem Mohammed, has pleaded guilty to charges of mail fraud, authorities said.

With the illegally obtained credit reports, some victims reported having their bank accounts depleted, while others reporting having credit cards, checks and ATM cards sent to unauthorized locations.

The passwords and codes stolen for use in the scam belonged to various entities that request credit reports for their customers. Those entities included banks, credit services, and an apartment complex.

Ford Motor Credit Corp. is expected to be one of the hardest hit, as authorities alleged that as many as 15,000 credit reports were illegally obtained using a password and code from the creditor’s branch in Grand Rapids, Mich. Ford Motor Credit said it had been receiving complaints from its customers who had been victims of identity theft and fraud.

Other compromised passwords and codes belonged to Washington Mutual Finance Co., in Crossville, Tenn., and Washington Mutual Bank, in Fla., as well as various banks around the country. All the systems that allegedly were breached belonged to TCI customers, according to the statement.

One observer said Monday that the crime was only partially a technology problem.

“It was technology-assisted, but the real problem was that this help desk employee was given access to a token that was the launchpad for fraud,” said Jerry Brady, chief technology officer of Guardent Inc., a security research company in Waltham, Mass. “There are certainly good practices to control the authority of help desk personnel. It sounds like they weren’t being used.”

In 2000, the U.S. Federal Trade Commission reported approximately 500,000 people were victims of identity theft, according to data provided by Kroll Inc., a security consulting company in New York. In 2001, that number rose to approximately 700,000, Kroll said.