Update: The Justice Department provided a response to Senator Warner’s letter with more information about this case.
Two lawmakers recently sent letters seeking more information as to how the personal data of current and former federal employees ended up in the hands of a woman who used the data as part of a bank fraud scheme in Maryland.
Congressman Gerry Connolly (D-VA) and Senator Mark Warner (D-VA) both sent letters about the matter to different agency officials.
Connolly sent a letter to Attorney General Jeff Sessions in which he requested a meeting “on how we can better balance the needs of this particular prosecution and related investigations with breach victims’ need to know how their PII is being obtained by criminals.”
Warner’s letter went to both Sessions and OPM Director Jeff Pon. He called the situation “unacceptable” and said more information needs to be provided to breach victims about how their personal data are being used for fraudulent purposes.
Warner’s letter mentioned it specifically, but the common theme in both letters is that it is unclear as to why or how all publicly available information heretofore said that the OPM data breaches were caused by Chinese hackers, but somehow at least some of the data found were used domestically as in the case of the Maryland woman who recently pleaded guilty.
The Justice Department did update its press release on the Maryland case, but it does still reference “stolen identification information of victims of the U.S. Office of Personnel Management data breach” and adds that “…numerous victims of the LFCU identity theft fraud also identified themselves to DOJ as victims of the OPM Data Breach. The Government continues to investigate the ultimate source of the PII used by the defendants and how this PII was obtained.”
OPM and the Justice Department have not provided much by way of additional details about how the personal data ended up being obtained in the Maryland bank fraud case, so it will be interesting to see if Congress fares any better in getting answers.