DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hacker Gets 13 Years in Prison for Massive International ID Theft

Posted on July 14, 2015 by Dissent

There’s an important update in the case that involved Court Ventures/U.S. Info/Experian, and Dun & Bradstreet, although the government doesn’t name the businesses in its press release. James Eng reports:

A Vietnamese national was sentenced to 13 years in prison for hacking into U.S. businesses’ computers, stealing personally identifiably information (PII), and selling to other cybercriminals his fraudulently-obtained access to PII belonging to approximately 200 million U.S. citizens.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Acting U.S. Attorney Donald Feith of the District of New Hampshire and Director Joseph P. Clancy of the U.S. Secret Service made the announcement.

Hieu Minh Ngo, 25, was sentenced today by U.S. District Court Judge Paul J. Barbadoro of the District of New Hampshire.  Ngo previously pleaded guilty to federal charges brought in the District of New Hampshire and the District of New Jersey, including wire fraud, identity fraud, access device fraud and four counts of computer fraud and abuse.

“From his home in Vietnam, Ngo used Internet marketplaces to offer for sale millions of stolen identities of U.S. citizens to more than a thousand cyber criminals scattered throughout the world,” said Assistant Attorney General Caldwell.  “Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition.  Identifying and prosecuting cybercriminals like Ngo is one of the ways we’re working to change that cost-benefit analysis.”

“This case demonstrates that identity theft is a worldwide threat that has the potential to touch every one of us,” said Acting U.S. Attorney Feith.  “I want to acknowledge the excellent work of the United States Secret Service in identifying and capturing Mr. Ngo.  This case proves that the United States Attorney’s Office for the District of New Hampshire will work with law enforcement to investigate and prosecute identity thieves, even if they are halfway around the world.”

“The sentencing of this transnational cybercriminal illustrates another example of Secret Service success in the disruption and dismantling of global criminal networks,” said Director Clancy.  “This investigation and the resulting prosecution and sentencing should serve as a warning to criminals that we will relentlessly investigate, detect, and defend the Nation’s financial infrastructure.  This sentencing joins a long list of successes in combating financial crimes over our 150 year history.”

According to admissions made in connection with his guilty plea, from 2007 to 2013, Ngo operated online marketplaces from his home in Vietnam, including “superget.info” and “findget.me,” to sell packages of stolen PII.  These packages, known as “fullz,” typically included a person’s name, date of birth, social security number, bank account number and bank routing number.  Ngo also admitted to acquiring and offering for sale stolen payment card data, which typically included the victim’s payment card number, expiration date, CVV number, name, address and phone number.  Ngo admitted that he obtained some of the stolen PII by hacking into a New Jersey-based business and stealing customer information.

In addition to selling the “fullz,” Ngo admitted to offering buyers the ability to query online databases for the stolen PII of specific individuals.  Specifically, Ngo admitted that he offered access to PII for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million “queries” through the third-party databases maintained on his websites.

Ngo made nearly $2 million from his scheme.  The Internal Revenue Service has confirmed that 13,673 U.S. citizens, whose stolen PII was sold on Ngo’s websites, have been victimized through the filing of $65 million in fraudulent individual income tax returns.

The case was investigated by the U.S. Secret Service’s Manchester Resident Office.  The case is being prosecuted by Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Arnold H. Huftalen of the District of New Hampshire.

The case out of the District of New Jersey was investigated by the FBI, and is being prosecuted by the U.S. Attorney’s Office of the District of New Jersey.

SOURCE: U.S. Attorney’s Office, District of New Hampshire

Related posts:

  • EXCLUSIVE: U.S. Info Search is responsible for notifying victims of breach, not us – Experian
  • Leader of International Malvertising and Ransomware Schemes Extradited from Poland to Face Cybercrime Charges
  • First Nationwide Undercover Operation Targeting Darknet Vendors Results in Arrests of More Than 35 Individuals Selling Illicit Goods and the Seizure of Weapons, Drugs and More Than $23.6 Million
  • Roman Seleznev pleads guilty to federal charges in Georgia and Nevada
Category: Business SectorHackID TheftOf NoteU.S.

Post navigation

← Update: Former Dothan police officer faces more ID theft charges
722 UPMC Health Plan customers affected by data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.