When John Gordon Baden was arrested in Mexico in November 2014, the FBI issued a press release that provided background on the case. The allegations reproduced below are only for historical purposes:
John Gordon Baden along with his co-conspirators were allegedly responsible for stealing the identities of 40,000 people and then using the stolen information to siphon funds from their brokerage or bank accounts and purchase expensive electronic items with their credit. The losses are estimated to be in the millions of dollars.
In July 2014, Baden along with his two co-conspirators, Jason Ray Bailey and Victor Alejandro Fernandez, were indicted by a federal grand jury seated in the Southern District of California, San Diego, California, on a number of federal charges to include conspiracy to commit wire fraud, computer hacking, aggravated identity theft, and wire fraud. Baden was indicted specifically on federal charges of conspiracy to commit wire fraud, wire fraud, and computer hacking. The charges were the result of an FBI investigation into Baden and his two co-conspirators who operated a criminal enterprise that exploited vulnerabilities in computer servers of a U.S. mortgage broker.
According to the indictment, Baden and his co-conspirators obtained mortgage applications containing customers personal identification information such as names, dates of birth, Social Security numbers, addresses, assets, tax information, and driver’s licenses by hacking into the company’s computer servers. While the criminal enterprise was based in Tijuana, Mexico, their victims stretched from California to Florida and states in between.
According to the indictment, during the period July 2011 to August 2013, Bailey, Fernandez, and Baden knowingly and intentionally engaged in a scheme whereby they would obtain and share log-in credentials that enabled them to gain unauthorized access to a U.S. mortgage broker company’s electronic customer records and the BlitzDocs computer application that the company used to manage these records.
Baden and his co-conspirators would then use log-in credentials without authorization to access BlitzDocs and the company’s electronic records and thereby steal customer’s personal identifiable information (PII). Baden and his co-conspirators would then use this stolen PII, along with PII stolen from other victims and businesses, to defraud merchants and financial institutions, for their private financial gain.
A third alleged co-conspirator, Joel Nava, was subsequently charged, and will be going to trial.
Baden subsequently pleaded guilty to wire fraud conspiracy, wire fraud, and computer hacking, although he contested the number of victims and the amount of loss the government claimed.
Today he was sentenced to nine years in prison. Kristina Davis of the San Diego Tribune reports:
Baden also was found in possession of a list containing the personal information of some 20,000 other people who were not affiliated with the mortgage broker, prosecutors said.
[…]
While the defendants had access to an enormous amount of personal information, prosecutors put on evidence that the men actually misappropriated the identities of about 250 victims, a number they argue is likely conservative.
The victims were reimbursed by their financial institutions and the stores, leaving the businesses to foot the bill.
Prosecutors argued that the losses these companies incurred reached at least $2.5 million total — an amount that the defense disputed. After an evidentiary hearing on the matter was heard, the court ruled the losses were below $1 million but more than $400,000.