Woman Guilty of Exploiting Federal Employee Data from OPM Breaches

View this article online at https://www.fedsmith.com/2018/06/20/woman-guilty-exploiting-federal-employee-data-opm-breaches/ and visit FedSmith.com to sign up for free news updates
By on June 20, 2018 in Current Events with 0 Comments

Hacker sitting at a desk with a laptop with a question mark over his/her face depicting a cyber crime/cyber security/data breach

Update: There is new information involving this case. Be sure to read the articles included in the links at the end of the article for further details.

There was some uncertainty surrounding what would be done with the stolen data of current and former federal employees from the data breaches that took place at the Office of Personnel Management in 2015. Now we have at least one example.

A Maryland woman pleaded guilty this week to participating in a scheme to use the stolen identification information of victims from the OPM data breaches according to an announcement from the Justice Department.

According to court documents, Karvia Cross, 39, of Bowie, participated in and recruited others to engage in a fraudulent identity-theft scheme targeting Langley Federal Credit Union (LFCU).

In 2015 and 2016, LFCU received numerous online membership and consumer loan applications in the names of stolen identities that were victims of the OPM data breach. LFCU approved and issued the requested memberships and loans prior to determining that they had been sought using the stolen personal identifying information of others.

LFCU disbursed loan proceeds via checks and transfers into the checking and savings accounts opened through these fraudulent applications. Vehicle loan proceeds were disbursed by checks made payable to individuals posing as vehicle sellers, while personal loan proceeds were disbursed to LFCU accounts opened in connection with the fraudulent loan applications and transferred to accounts of others. Cross and others then accessed and withdrew the fraudulently obtained loan proceeds.

Cross pleaded guilty to conspiracy to commit bank fraud and aggravated identity theft. She faces a maximum penalty of 30 years and a consecutive mandatory minimum of two years in prison when sentenced on October 26.

Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.

Speculation About Use of the Stolen Data

According to Reuters, the Justice Department has not yet announced how Cross obtained the data.

When the OPM data breaches were announced in 2015, it wasn’t clear if the stolen data were going to be used for commercial gain or it was espionage from China. A CNN report at the time said that China might be building a database to use for future attacks. China has denied any involvement.

Safeguarding Federal Employee Data

Lawmakers have been pushing to provide free lifetime identity theft protection to federal workers impacted by the OPM data breaches. Free protection has been provided but is currently scheduled to last through 2026. As of the time of this writing, this legislation has not advanced further.

A recent OPM Inspector General report said that OPM’s IT security is still not where it ultimately needs to be to protect the agency’s data, although improvements have been made.

Want to see more articles like this one? Sign up for FedSmith's free email lists!

© 2019 Ian Smith. All rights reserved. This article may not be reproduced without express written consent from Ian Smith.

Tags:

About the Author

Ian Smith is one of the co-founders of FedSmith.com. He enjoys writing about current topics that affect the federal workforce.

Top