DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Former employee of Veterans Affairs indicted for attempted sale of personal info of veterans and employees

Posted on January 26, 2018 by Dissent

LITTLE ROCK—Cody Hiland, United States Attorney for the Eastern District of Arkansas, announced today the unsealing of an indictment charging Phillip Hill, 32, of Benton, a former Department of Veterans Affairs (VA) database manager, with attempting to sell the personal information of veterans and VA employees.

The indictment, returned by a grand jury in the Eastern District of Arkansas on January 9, 2018, and unsealed today, charges Hill with attempted trafficking of access devices (i.e., social security numbers), aggravated identity theft, and possession of device-making equipment. Hill was previously arrested on December 17, 2017, and charged via complaint on December 18, 2017. Today Hill appeared before United States Magistrate Judge Joe J. Volpe and was released on bond. Trial is set for March 5, 2018.

The investigation revealed that Hill offered to sell the personal data of veterans, their dependents, and VA employees for $100,000 to a confidential source working with law enforcement. Hill was terminated by the VA on December 6, 2017. After being fired from the VA, Hill said he could still access the information remotely with a VA computer in his possession, or by stealing a VA server. Hill was arrested outside a secure area at the VA that housed the data he was offering for sale. Law enforcement officers executing a search warrant found a VA computer in Hill’s home.

“Mr. Hill tried to use his position and skills to enrich himself at the expense of veterans who have honorably served our country, and the VA employees working to serve them,” Hiland said. “This indictment reflects our commitment to defending our veterans and federal employees from those who take advantage of their public service by illegally accessing and selling their personal information. It will not be tolerated and will be prosecuted to the fullest extent of the law.”

Law enforcement officers arrested Hill before he could sell the VA data. Through a variety of investigative methods, investigators also discovered that Hill committed aggravated identity theft by using the personal information of another person, and illegally possessed blank identification cards.

The maximum penalty for trafficking in social security numbers is up to 10 years’ imprisonment and three years of supervised release. The penalty for aggravated identity theft is two years’ imprisonment and one year of supervised release. The maximum penalty for possessing access device-making equipment is up to 15 years’ imprisonment and three years of supervised release. Additionally, each of these offenses is also punishable by a fine of not more than $250,000.

The case is being investigated by the Department of Veterans Affairs, Office of Inspector General, and United States Secret Service. It is being prosecuted by Assistant United States Attorneys Ali Ahmad and Hunter Bridges.

An indictment contains only allegations. A defendant is presumed innocent unless and until proven guilty.

Source: U.S. Attorney’s Office, Eastern District of Arkansas

Category: Government SectorInsiderU.S.

Post navigation

← NM: Dr. Zachary E. Adkins DDS, LLC notifies patients of stolen hard drive
Jail for man who hacked 1000 student email accounts in search for sexually explicit images →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.