Time to play “Now Which Breach Was This and Did We Know About It?”
Wisly Toussaint, of Miami, Florida, was convicted by a federal jury of one count of conspiracy to commit access device fraud, in violation of Title 18, United States Code, Section 1029(b), two counts of access device fraud, in violation of Title 18, United States Code, Section 1029(a), and five counts of aggravated identity theft, in violation of Title 18, United States Code, Section 1028A. Sentencing is scheduled for January 8, 2015 before U.S. District Judge Joan A. Lenard. Toussaint faces a maximum term of 25 years in prison for the conspiracy and access device charges, and at least one mandatory term of two years in prison, consecutive to any other term in prison, for the aggravated identity theft charges.
According to evidence presented during the five-day trial, Toussaint possessed and trafficked in personal identifying information (PII), that is names, dates of birth and social security numbers, stolen from a mental health facility in Philadelphia, Pennsylvania. In October of 2013, Toussaint was approached by two individuals cooperating with law enforcement and agreed to sell the cooperators the stolen PII, which Toussaint stated he obtained from a partner in Sarasota, Florida. Toussaint later sold the cooperators hundreds of identities stolen from the mental health facility in two separately recorded meetings.
SOURCE: U.S. Attorney’s Office, Southern District of Florida
So what Philadelphia facility was this? I was able to find a clue in the court filings as to the identity of the facility, but without confirmation, I am reluctant to name them in case I am wrong in my supposition. I will say that if I am correct, this is not a breach that showed up in HHS’s public breach tool.