DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Missouri man pleads guilty to his role in computer hacking, ID theft scheme enabled by consumers’ re-use of login credentials

Posted on December 7, 2013 by Dissent

Tammy Dickinson, United States Attorney for the Western District of Missouri, announced that the fifth and final defendant pleaded guilty in federal court Thursday to his role in a $725,000 fraud scheme that involved hacking into business computer systems to steal the identity information of hundreds of their customers.

Vince Evola, 45, of Gladstone, Mo., pleaded guilty before U.S. Chief District Judge Fernando J. Gaitan to conspiracy to commit mail fraud.

By pleading guilty, Evola admitted that he participated in a computer hacking and identity theft scheme with his ex-wife, Kimberly Evola, 45, of Gladstone, his sisters, Carrie Evola, 46, of Gladstone and Rosemary Evola, 42, of Overland Park, Kan., and Sael Mustafa, 35, a citizen of Jordan who resided in Gladstone.

The three-year-long scheme, which began in 2006, was designed to obtain stolen credit and debit card numbers from hundreds of victims and use that information to make online purchases. Vince Evola acknowledged in the plea agreement that a loss between $30,000 and $70,000 can be attributed to his conduct.

All of Vince Evola’s co-defendants already have pleaded guilty and been sentenced. Mustafa, the leader of the scheme, was sentenced on July 8, 2011, to 10 years in federal prison without parole and ordered to pay restitution to his victims. Mustafa committed a substantial part of the fraud scheme outside the United States. Before moving to Gladstone, Mustafa used the wireless network at an Internet café in Jordan to hack into company Web sites, as well as to use the stolen identity information to access online credit card accounts and to conduct fraudulent transactions. He moved from Jordan to Gladstone in January 2009 and continued to operate the scheme until April 2009.

Court documents describe the computer hacking, identity theft and fraud scheme as follows:

Step One: The Computer Hack

Mustafa accessed the computer servers that hosted the Web sites of several businesses to access customer databases and download the customers’ personal information. Mustafa exploited these businesses for presumably less secure information, such as e-mail addresses, Web site passwords and security questions. This information was usually provided to the business by a customer registering on the Web site for online services such as a company newsletter, making a reservation, buying a gift card, or receiving e-mail coupons.

Step Two: Accessing Credit Card Accounts

Mustafa and his co-conspirators then tried to use this stolen customer information at major credit card Web sites. Mustafa counted on the likelihood that many identity theft victims used the same password for the hacked accounts that they used for their online credit card accounts. Mustafa visited various credit card Web sites and, by trial and error, tested the stolen identity information to see if it matched the login and password information for their credit card account. If a victim had an account at a particular credit card Web site, and if the victim used the same login and password information, Mustafa was able to access their accounts.

Step Three: Using the Victims’ Accounts

After gaining access to victims’ credit card accounts, conspirators purchased more than $240,000 worth of airline tickets (both domestic and international) and more than $30,000 in gift cards online. They also sent, or attempted to send, more than $344,000 in wire transfers and conducted more than $106,000 in other fraudulent online transactions (such as a subscription to the Al-Jazeera Channel). They purchased gift cards or made purchases online from businesses such as Hy-Vee, Nebraska Furniture Mart, AMC Theaters, Bass Pro Shop, Hallmark, Liz Claiborne, Lowes, Red Lobster, Olive Garden, PF Chang’s, and Zales, among others. They directed the products to be mailed to their residences.

Under federal statutes, Evola is subject to a sentence of up to 20 years in federal prison without parole, plus a fine up to $250,000. A sentencing hearing will be scheduled after the completion of a presentence investigation by the United States Probation Office.

This case is being prosecuted by Assistant U.S. Attorney Matthew P. Wolesky. It was investigated by the U.S. Postal Inspection Service and the Gladstone, Mo., Police Department.

SOURCE: U.S. Attorney’s Office, Western District of Missouri

No related posts.

Category: Business SectorHackID Theft

Post navigation

← JPMorgan Chase & Co. explains delay in notifying Connecticut about online security breach
UK: PSNI to pay £20k in damages to Special Branch officer whose details were stolen in Castlereagh police station raid →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.