DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

GA: Emory University law students and medical students targeted in ID theft scheme

Posted on December 13, 2013 by Dissent

Schools need to remain cognizant that “directory information,” not protected by FERPA, can be used for ID theft.

Maario Coleman and Angela Russell have been arraigned for operating a scheme to obtain thousands of dollars by stealing the identities of Emory University law and medical students and using them to apply for loans.

According to United States Attorney Yates, the charges, and other information presented in court: Coleman obtained lists of students graduating in the class of 2013 by checking university websites and attending graduation ceremonies.  Coleman and Russell used that information to obtain the students’ dates of birth and social security numbers from online databases.  The defendants then used those personal identifiers to apply for post-graduate “bar loans” and “residency loans” at Discover Bank.  “Bar loans” are designed to pay for living expenses and exam preparation while law school graduates studied for the bar exam.  Similarly, “residency loans” assist medical school graduates with the costs of residency, relocation, and board exam review courses.

In many instances, Discover required school transcripts before it would approve and fund the loans.  To satisfy this requirement, Coleman and others used the personal identifiers of the victims to obtain passwords to access Emory’s online portal and order the victims’ transcripts.  The transcripts were mailed to other participants in the scheme, and Coleman then coordinated sending the transcripts to Discover.  He also arranged for the loan proceeds to be deposited into bank accounts fraudulently opened in the victims’ names.  After the loans were funded, other participants in the scheme obtained the funds via ATM withdrawals.

The investigation showed that the scheme began as early as May 2013, and continued until at least November 6, 2013.  On that date, law enforcement officers, including federal agents, interviewed Russell regarding the scheme.  Following the interview, the agents went to a second location, and then returned to Russell’s residence.  When they arrived, agents became alarmed by a large volume of smoke they saw rising from Russell’s apartment.  After entering the apartment, the agents found Coleman and Russell inside, with fire and smoke coming from the fireplace.  The agents put out the fire with an extinguisher and discovered documents and computer equipment, including hard drives and at least one laptop, all either burned in the fire, dismantled or gouged.

To date, investigators have identified over $200,000 in false loan applications.  In addition, over 100 students at Emory and other Georgia universities have had their personal information compromised.  The fraud was discovered when several Emory students contacted the Emory Police Department after realizing that their personal information had been compromised.  The investigation is ongoing.

The indictment charges Coleman, 27, of Decatur, Ga., with one count of conspiracy to commit bank fraud, three counts of aggravated identity theft, one count of computer fraud, and one count of tampering with computers and documents.  Russell, 42, of Dunwoody, Ga., is charged with one count of conspiracy to commit bank fraud, one count of aggravated identity theft, and one count of tampering with computers and documents.  Both appeared before Linda T. Walker, United States Magistrate Judge.

The bank fraud conspiracy and tampering charges each carry a maximum sentence of 20 years in prison.  The computer fraud charge carries a maximum sentence of 5 years in prison.  The aggravated identity theft charges carry at least one mandatory two-year consecutive sentence, in addition to any other sentence imposed.  In addition, the bank fraud count carries a fine of up to $1,000,000, and the computer fraud and tampering counts each carry a fine of up to $250,000.  In determining the actual sentence, the Court will consider the United States Sentencing Guidelines, which are not binding but provide appropriate sentencing ranges for most offenders.

Members of the public are reminded that the indictment only contains charges.  The defendant is presumed innocent of the charges and it will be the government’s burden to prove the defendant’s guilt beyond a reasonable doubt at trial.

This case is being investigated by the Federal Bureau of Investigation and the Emory University Police Department.

Assistant United States Attorney Shanya Dingle is prosecuting the case.

For further information please contact the U.S. Attorney’s Public Affairs Office at [email protected] or (404) 581-6016.  The Internet address for the home page for the U.S. Attorney’s Office for the Northern District of Georgia Atlanta Division ishttp://www.justice.gov/usao/gan/ .

SOURCE: U.S. Attorney’s Office, Northern District of Georgia

Category: Education SectorID Theft

Post navigation

← EZ Yield notifying customers of hack involving online hotel reservation system
VA: Hacker Sentenced For Breaking Into Medical School Application Computers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.