An insider breach at the former Electronic Data Systems flew pretty much flew under the media radar, it seems. A recent press release notes:
Alchico Grant, a resident of Montgomery, Ala., pleaded guilty to his role in two tax fraud and identity theft conspiracies, the Justice Department and the Internal Revenue Service (IRS) announced today. In addition to pleading guilty to one count of conspiracy to defraud the government with respect to claims, Grant pleaded guilty to two counts of theft of government money, property or records, one count of wire fraud and one count of aggravated identity theft.
Along with four other defendants, Grant was indicted by a federal grand jury sitting in Montgomery on Dec. 14, 2010, on a variety of charges stemming from a large-scale tax fraud and identity theft conspiracy based in that city. According to the indictment, plea agreement and other court documents, the conspirators used stolen identities to file more than 500 fraudulent tax returns claiming millions of dollars in false tax refunds over a two-year period in 2009 and 2010. According to the plea agreement, Grant agreed that the loss associated with this case was more than $2.5 million but less than $7 million. He also agreed that this offense involved more than 250 or more victims.
While the latest press release does not reveal the source of the identity information, a press release issued after the indictments, had stated:
According to the superseding indictment, the defendants conspired to fraudulently obtain federal income tax refunds by using stolen identities to file tax returns. [Veronica] Dale illegally obtained stolen identity information during her earlier employment at Electronic Data Systems Inc., and passed that information along to her co-conspirators. Clayton also obtained identity information from other sources. Clayton and Dale electronically filed false tax returns using the stolen identities and had the refunds deposited into bank accounts and prepaid debit cards they controlled. Dale and Grant purchased prepaid debit cards to receive refunds, while Adams made her bank account available to receive refunds.
Most press releases and media coverage of the case have not named Electronic Data Systems or the other sources, and I find no mainstream media coverage of the EDS part of the breach.
If an insider breach at Electronic Data Systems sounds familiar, it may because they had a similar insider data breach in 2007 when an employee stole almost 500 Medicaid recipients’ identity information and sold it to others who used it for a tax fraud ring. It is not clear whether there is any connection between that case and the current one.
HP, who bought out EDS and now markets it as HP Enterprise Services, did not respond to inquiries about the breach by the time of this publication.