DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

GA: Emory University law students and medical students targeted in ID theft scheme

Posted on December 13, 2013 by Dissent

Schools need to remain cognizant that “directory information,” not protected by FERPA, can be used for ID theft.

Maario Coleman and Angela Russell have been arraigned for operating a scheme to obtain thousands of dollars by stealing the identities of Emory University law and medical students and using them to apply for loans.

According to United States Attorney Yates, the charges, and other information presented in court: Coleman obtained lists of students graduating in the class of 2013 by checking university websites and attending graduation ceremonies.  Coleman and Russell used that information to obtain the students’ dates of birth and social security numbers from online databases.  The defendants then used those personal identifiers to apply for post-graduate “bar loans” and “residency loans” at Discover Bank.  “Bar loans” are designed to pay for living expenses and exam preparation while law school graduates studied for the bar exam.  Similarly, “residency loans” assist medical school graduates with the costs of residency, relocation, and board exam review courses.

In many instances, Discover required school transcripts before it would approve and fund the loans.  To satisfy this requirement, Coleman and others used the personal identifiers of the victims to obtain passwords to access Emory’s online portal and order the victims’ transcripts.  The transcripts were mailed to other participants in the scheme, and Coleman then coordinated sending the transcripts to Discover.  He also arranged for the loan proceeds to be deposited into bank accounts fraudulently opened in the victims’ names.  After the loans were funded, other participants in the scheme obtained the funds via ATM withdrawals.

The investigation showed that the scheme began as early as May 2013, and continued until at least November 6, 2013.  On that date, law enforcement officers, including federal agents, interviewed Russell regarding the scheme.  Following the interview, the agents went to a second location, and then returned to Russell’s residence.  When they arrived, agents became alarmed by a large volume of smoke they saw rising from Russell’s apartment.  After entering the apartment, the agents found Coleman and Russell inside, with fire and smoke coming from the fireplace.  The agents put out the fire with an extinguisher and discovered documents and computer equipment, including hard drives and at least one laptop, all either burned in the fire, dismantled or gouged.

To date, investigators have identified over $200,000 in false loan applications.  In addition, over 100 students at Emory and other Georgia universities have had their personal information compromised.  The fraud was discovered when several Emory students contacted the Emory Police Department after realizing that their personal information had been compromised.  The investigation is ongoing.

The indictment charges Coleman, 27, of Decatur, Ga., with one count of conspiracy to commit bank fraud, three counts of aggravated identity theft, one count of computer fraud, and one count of tampering with computers and documents.  Russell, 42, of Dunwoody, Ga., is charged with one count of conspiracy to commit bank fraud, one count of aggravated identity theft, and one count of tampering with computers and documents.  Both appeared before Linda T. Walker, United States Magistrate Judge.

The bank fraud conspiracy and tampering charges each carry a maximum sentence of 20 years in prison.  The computer fraud charge carries a maximum sentence of 5 years in prison.  The aggravated identity theft charges carry at least one mandatory two-year consecutive sentence, in addition to any other sentence imposed.  In addition, the bank fraud count carries a fine of up to $1,000,000, and the computer fraud and tampering counts each carry a fine of up to $250,000.  In determining the actual sentence, the Court will consider the United States Sentencing Guidelines, which are not binding but provide appropriate sentencing ranges for most offenders.

Members of the public are reminded that the indictment only contains charges.  The defendant is presumed innocent of the charges and it will be the government’s burden to prove the defendant’s guilt beyond a reasonable doubt at trial.

This case is being investigated by the Federal Bureau of Investigation and the Emory University Police Department.

Assistant United States Attorney Shanya Dingle is prosecuting the case.

For further information please contact the U.S. Attorney’s Public Affairs Office at [email protected] or (404) 581-6016.  The Internet address for the home page for the U.S. Attorney’s Office for the Northern District of Georgia Atlanta Division ishttp://www.justice.gov/usao/gan/ .

SOURCE: U.S. Attorney’s Office, Northern District of Georgia

No related posts.

Category: Education SectorID Theft

Post navigation

← EZ Yield notifying customers of hack involving online hotel reservation system
VA: Hacker Sentenced For Breaking Into Medical School Application Computers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Chinese hackers suspected in breach of powerful DC law firm
  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
  • CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.