Hacking Case Leads Breach RoundupNY Detective Paid Others to Hack Officers' E-mails
In this week's breach roundup, a detective with the New York City Police Department pleaded guilty to computer hacking crimes. Also, another New Yorker admitted his role as a leader in a large stolen identity tax refund fraud case.
See Also: The Global State of Online Digital Trust
NYPD Detective Pleads Guilty to Hacking
Edwin Vargas, a detective with the New York City Police Department, has pleaded guilty to computer hacking crimes, according to Preet Bharara, U.S. attorney for the Southern District of New York.
The detective paid others to hack into e-mail accounts, including those of NYPD officers and employees, and also accessed a federal law enforcement database without authorization to obtain information about other NYPD officers, according to the U.S. attorney.
Between April 2010 and October 2012, Vargas had paid to have the e-mail accounts hacked into, obtaining log-in credentials, including usernames and passwords. In total, Vargas purchased hacks of at least 43 personal e-mail accounts and one cellular phone. After receiving the credentials, Vargas accessed at least one personal e-mail account, the U.S. attorney says.
Vargas pleaded guilty to one count of conspiring to commit computer hacking and one count of computer hacking. Each count carries a maximum sentence of one year in prison. His sentencing date is March 14, 2014.
Guilty Plea in ID Theft Case
Jose Torres of Bronx, N.Y., has pleaded guilty for his role as a leader in one of the largest stolen identity tax refund fraud cases ever identified, according to U.S. Attorney Paul J. Fishman.
Torres pleaded guilty to charges of conspiracy to defraud the U.S., theft of government property and aggravated identity theft. The fraud scheme caused more than 8,000 fraudulent U.S. income tax returns to be filed, which sought more than $65 million in tax refunds and resulted in losses of more than $12 million.
In the scheme, Torres and others obtained personal identifiers, such as birth dates and Social Security numbers, belonging to Puerto Rican citizens, the U.S. attorney says. Torres then directed others to create fraudulent 1040 forms using the identifiers, which were filed electronically.
Torres and others received the refund checks by bribing mail carriers to intercept checks and deliver them to other conspirators, authorities say. In exchange for cash payments, the carriers gave checks to conspirators who sold them to other conspirators, the release says.
The conspiracy count is punishable by a maximum potential penalty of five years in prison and up to a $250,000 fine. The count of theft of government property is punishable by a maximum potential penalty of 10 years in prison and up to a $250,000 fine. The aggravated identity theft count is punishable by a statutory mandatory minimum sentence of two years in prison, which must be run consecutively to any other sentence.
Torres previously pleaded guilty in the Southern District of New York to charges arising out of the same scheme. He will be sentenced in the Southern District of New York on the charges from both states at a date to be determined.
Stolen Laptop Affects 11,500 Patients
An unencrypted laptop was stolen from the vehicle of an employee of dialysis provider DaVita, compromising 11,500 patients' information, the company reports.
DaVita, a division of DaVita HealthCare Partners Inc., maintains a company-wide program and policy requiring encryption of laptop computers, but says that it discovered that the encryption technology for the stolen laptop had been unintentionally deactivated.
Compromised information includes patient names, clinical diagnoses, insurance carrier name, claims payment data and dialysis treatment information, the company reports. For approximately 375 patients, the information stored on the laptop included Social Security numbers.
The company is offering affected patients one year of free credit monitoring services.
Hospital Alerts Patients to Incident
North Country Hospital in Newport, Vt., is notifying patients regarding a privacy breach after a former employee refused to return a company laptop.
"It is our belief that the patient health information is password protected and that this individual has access to the appropriate password(s) by virtue of his former position with the hospital," according to a statement issued by the hospital.
The hospital demanded the return of the laptop, but the individual has failed to comply.
The incident was reported to federal, state and local enforcement agencies. The hospital is working to regain possession of the laptop to determine its contents and to what extent patient information is accessible on it.
North Country Hospital also reported the incident to the Vermont Attorney General's office and the U.S. Department of Health and Human Services, the statement says.