Cybersecurity

DOJ says fraud case may not be linked to OPM breach

The Department of Justice now says that an identity fraud case may not be linked to the massive Office of Personnel Management (OPM) breach after all, saying a press release prematurely implied a connection between the two.

Stephen Boyd, the Justice Department’s assistant attorney general for legislative affairs, was responding to questions from Sen. Mark Warner (D-Va.) about a press release issued last month by the U.S. District Court for the Eastern District of Virginia announcing that a Maryland woman had pleaded guilty to identity theft charges. 

{mosads}The initial release stated that the woman participated in a scheme to use data from the OPM breach to obtain fraudulent loans through Virginia-based Langley Federal Credit Union. However, officials later revised the release to remove references to the OPM breach, spurring questions as to why. 

In a letter to Warner on Monday, Boyd wrote that, while several victims of the scheme reported also being victims of the OPM breach, federal investigators have not yet found a definitive link between the fraud case and the OPM breach.

“A number of the victims of this scheme identified themselves to the Department of Justice as victims of the OPM data breach,” Boyd wrote. “However, at present, the investigation has not determined precisely how their identity information used in this case was obtained and whether it can, in fact, be sourced directly to the OPM data breach. Because the victims in this case had other things in common in terms of employment and location, it is possible that their data came from another common source.”

Boyd further said that the initial release “implied a premature conclusion that the exclusive and known source of the stolen identities used in the Langley Federal Credit Union fraud case was the OPM data breach.”

The U.S. Attorney’s Office reviewed the case and ultimately revised and reissued the press release after receiving inquiries about the connection, Boyd explained. The amended release contains an update stating that the government is still investigating the source of the stolen personal information used in the scheme. 

Kariva Cross, the Maryland woman, pleaded guilty to conspiracy to commit bank fraud and aggravated identity theft and faces a sentence of up to 30 years in prison. Cross will be sentenced in late October. 

OPM revealed in 2015 that hackers had breached its systems and stolen personal information on more than 20 million Americans, most of them federal workers. The massive breach was subsequently linked to China-based hackers.

DOJ Letter by blc88 on Scribd